How to Work With Gmail Passwords Safely & Not Get Hacked

Security can be a scary issue for small business owners. With the news being filled with stories about email accounts being hacked, like the recent coverage about thousands of Yahoo accounts getting hacked (including some from Gmail), you may wonder if your own accounts are safe.

Small businesses are especially vulnerable to hacking
because they can’t pay for expensive in-house security monitoring. Plus, they
often rely on their email to negotiate important business deals. So, there
could be real financial loss if your information becomes compromised.

While there are no guarantees, there are some steps you can take in Gmail to protect your information. In this tutorial, I explore basic security best practices that anyone can use on any account to make it more secure. I’ll also provide step-by-step details to show you how to increase your security in Gmail.

Basic Email Password and Online Security Steps

Some of the best methods to protect your Gmail information
also apply to other areas of your online presence. Following these methods
reduces your chances of being hacked no matter which application you use.

In this section I’ll cover some of the most important basic security best practices that also apply to email. Those practices include:

  • Picking a strong password
  • Storing your passwords securely
  • Changing your password
  • Using authentication
  • Keeping your browser updated

Disclaimer: I am not an information securities expert. This post is based on a compilation of recommended best practices and my own experiences as a Gmail user.

Let’s take a look at each best practice separately.

1. How to Pick a Strong Gmail Password

Many small business owners struggle with choosing a
password. You want a password that you will remember but that a hacker won’t be
able to figure out.

Step 1. Avoid Obvious Passwords for Gmail

The trouble is, some of the easiest passwords to remember
are also some of the least secure. Try to avoid using passwords that are also:

  • Your partner’s name
  • Your child’s name
  • Your pet’s name
  • Your address

While these types of passwords are easy to remember, the
information is also fairly simple for a hacker to find out. In some cases, such
as your address information, it may even be public record. If a hacker manages
to get into your social media account, they can probably also learn the names
of those close to you.

Passwords that others commonly use are also bad choices. They
are among the first that a hacker would try to gain access to your account
with. One security organization, SplashData, actually keeps a list of some of
the worst passwords that people use by year. Their latest list includes
commonly used passwords such as:

  • 123456
  • abc123
  • password
  • welcome

Some of these are the default passwords that many systems
come with. If you recognize your password on one of their lists, change it
immediately.

Step 2. Choose a Longer, Random Email Password

The best passwords are random and contain various types of
characters. For example, a password that contains upper and lowercase letters,
numbers, and symbols is harder to hack than a password of all letters or
numbers.

Also, the longer the password, the harder it is to hack.
Passwords should be at least eight characters long. Some experts recommend
using twelve or more characters.

Avoid stand-alone online password generators since the site
may be trying to harvest passwords. A password generator included in a reputable
security tool is probably safe though.

Once you find a good password, you may be tempted to use it
for all your accounts. Don’t do it. If your password becomes compromised, then
the hacker potentially has access to your entire online presence.
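
As an added example (not part of the original tutorial), the script below generates a random password on your own machine instead of on a website, and checks any password against the rules from Steps 1 and 2. The function names, the symbol set and the twelve-character minimum (the stricter of the two lengths mentioned above) are assumptions made for this illustration.

```python
import secrets
import string

# Constructed sample data: the four common passwords quoted in this tutorial.
COMMON_PASSWORDS = {"123456", "abc123", "password", "welcome"}
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set for this example
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def generate_password(length=16):
    """Build a random password locally with the operating system's secure RNG."""
    if length < 12:
        raise ValueError("use at least twelve characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every character type appears at least once.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def audit_password(password, personal_terms=(), min_length=12):
    """Return a list of problems found, following the rules in this tutorial."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("too short")
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    for term in personal_terms:
        # Names of partners, children and pets, or an address, are easy to look up.
        if len(term) >= 3 and term.lower() in lowered:
            problems.append("contains personal detail: " + term)
    missing = sum(1 for cls in CLASSES if not any(ch in cls for ch in password))
    if missing:
        problems.append("missing %d of 4 character types" % missing)
    return problems


if __name__ == "__main__":
    print(generate_password())
    print(audit_password("Rex2015!Rex2015!", personal_terms=["Rex"]))
```

An empty list from `audit_password` means none of the problems described above were found; it does not tell you whether the password has been reused on another account.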

Some of the characteristics that make your password hard to guess also make it harder to remember. That’s why it’s important to come up with a secure way to store your passwords.

2. How to Store Your Gmail Passwords Securely

Having a secure Gmail password is no good if hackers can easily
find it. Whenever possible, avoid:

  • Using Your Email Password on a Public PC. If you do
    use your password on a public device, clear the cache and memory afterwards.
    You may also wish to change your password.
  • Keeping Your Password on Your Person. Writing
    your passwords on a slip of paper and keeping it in your wallet can be a
    problem if your wallet is lost or stolen.
  • Storing Your Password in an Unprotected Document. It’s common
    for users to create Word or Excel password lists. This is not a secure practice. The trouble is, anyone who accesses your machine can open these documents.

Using a reliable password manager can be a safer option to
help you keep track of all those passwords. Password managers use encryption
and other means to keep your data safe.

3. How Often Should You Change Your Gmail Password?

The topic of how often to change your password is
controversial. Many security-minded businesses and some applications require
regular password changes.

While the motivation behind regular password changes is
good, some studies have shown that they are less than effective. That’s because
the majority of users don’t create totally new passwords when they change their
password. Instead, they simply change their current password by adding or
changing a character. This article from Lorrie Cranor, writing for the Federal Trade Commission, goes into depth about the problems with frequent password changes.

Experts suggest that choosing a strong password is a better
security tactic than frequent password changes. It’s important to select a strong password
to begin with.
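
The habit described above, changing a password by adding or altering a single character, can be checked at the moment you pick a replacement. The following is an added example, not part of the original tutorial; the function names and the two-edit threshold are assumptions chosen for illustration.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    previous = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, start=1):
        current = [i]
        for j, ch_b in enumerate(b, start=1):
            cost = 0 if ch_a == ch_b else 1
            current.append(min(previous[j] + 1,          # delete ch_a
                               current[j - 1] + 1,       # insert ch_b
                               previous[j - 1] + cost))  # substitute
        previous = current
    return previous[-1]


def is_trivial_change(old, new, max_edits=2):
    """True when the new password is the old one with a few characters changed."""
    # Compare case-insensitively so "Summer" -> "summer" still counts as a tweak.
    return edit_distance(old.lower(), new.lower()) <= max_edits


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    print(is_trivial_change("Autumn2016!", "Autumn2017!"))   # one digit changed
    print(is_trivial_change("Autumn2016!", "q7#Lw9vTzR2&"))  # unrelated password
```

The comparison needs both passwords in readable form, so it only makes sense on your own machine at the time you choose the new one.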

4. How to Use Authentication

In an attempt to increase user security, many applications have gone beyond passwords to authenticate the user. Here are some common methods that applications use to verify the user’s identity:

  1. Security Questions – Security questions are probably one of the oldest forms of user
    authentication. They are often used for password recovery. The inherent problem
    with security questions is that they often ask for information that could be
    readily available through social media such as your pet’s name or the name of
    your high school.
  2. Phone Codes – A newer authentication technique is to require the user to enter a
    randomly generated code that is sent to their phone when they log in. The code
    is different each time. The drawback to this, of course, is that the user must
    keep their phone with them to access their account. This can be inconvenient
    for some users.
  3. Hardware – This involves a physical device that must be plugged into your computer to allow for authentication. YubiKey for LastPass is a good example of a USB device that adds an extra login access step.
  4. Biometrics – Biometric identification replaces passwords with unique physical
    characteristics such as fingerprint scans, retinal scans, and voice
    recognition. While this form of identification is experimental, its use is
    becoming increasingly common. Consider the iPhone’s Touch ID feature. Some
    experts believe biometric identification will replace passwords in the near
    future.

A common term that you might hear is two-factor
authentication. This means that the user must enter a password and provide some
other type of identification to access their account.

Gmail allows you to turn on two-factor authentication to add
an extra layer of security to your account. With Google, the two-factor
authentication is a phone code. We’ll provide more information on how to do
that later in this tutorial.

5. Why Browser Updates Are Important

You may think of browser and software updates in terms of
added features, and you’d be partially right. But many updates also contain
crucial security features that protect your system from viruses, malware, and
even hackers.

That’s why you should install updates as soon as they become
available. Always make sure that you download your updates from a reputable
source—usually the maker of your software or browser.

Now that we’ve increased your awareness of general security best practices, it’s time to move on to Gmail-specific security practices.

Gmail Security Best Practices

There are some specific steps you can take in Gmail to make
your account more secure. In this section I’ll provide step-by-step
instructions on:

  • How to Change Your Gmail Password
  • How to Check Your Security Settings
  • How to Set Up 2-Step Verification
  • How to Set Up Recovery Options for a Lost Password

Note: All Google tools use the same password and security settings. Changing your Gmail password or security settings may also change your password and settings for other Google apps you may have and for Google+.

Let’s get started. We’ll discuss each step separately.

1. How to Change Your Gmail Password

Step 1

Start from the main Gmail inbox screen:

Gmail inbox screen.

Click the arrow next to the Settings icon on the upper right corner to display the drop-down menu:

Gmail Settings drop-down menu.

Step 2

Click the Settings option to display the Settings screen:

Go to the Settings screen.

From the menu across the top of the screen, select the Accounts and Import option. You will notice that the options on the Settings screen change:

Select the Accounts and Import option.

Step 3

Under the Change account settings category, select the Change password option. You’ll be prompted to re-enter your existing password:

Select the Change password option.

Type in your current password. Click the Sign in button. The Change Password screen appears:

Type in a new password.

Step 4

Type a new password below the New password field. Pay particular attention to your password strength. Type the new password again in the Confirm new password field.

The passwords must be identical. Click the Change Password button when you are done. You’ll receive a brief prompt that your password was changed. The Sign-in & security screen displays, where you can make other security changes:

Sign-in & security screen.

2. How to Check Your Security Settings

Step 1

If you’ve just changed your password, you are already at the Sign-in & security screen. Go to step 3 below.

If you are not at the Sign-in & security screen, click on your photo in the upper right of the main Gmail interface. A pop-up displays showing your Google account information:

Google account information pop-up.

Step 2

Click the My Account button. The My Account screen appears:

Gmail My Account screen.

Click the Sign-in & security option. The Sign-in & security screen displays:

Gmail Sign-in & security screen.

Step 3

This is the screen you use to check your current security
settings. Use the scroll bar on the right of the screen to move down through
your settings.

You will notice there are three categories covered on this
screen:

  1. Signing in to Google
  2. Device activity & notification
  3. Connected apps and sites

Your current status in each of these areas displays on the
screen. Review the status of each field in each category carefully.

Make changes to your security settings from this screen by
clicking the arrow to the right of each field. You may be prompted to enter
your password before you can make the change.

Now let’s take a closer look at one of the fields: 2-Step Verification.

3. How to Set Up 2-Step Verification

It’s good to turn on 2-Step Verification if you haven’t already done it. It adds an extra layer of protection to your login process. In this case, the extra layer is a phone code.

Each time you log in to a Google account you will receive a
unique code by phone. You will need to enter that code before you can access
your account. Let’s get started.

Step 1

Start at the Sign-in & security screen.

Gmail Sign-in & security screen.

Scroll down to find the 2-Step Verification field under Password & Sign-in Method.

2-Step Verification field.

Step 2

Click the arrow to the right of the 2-Step Verification field. The informative 2-Step Verification screen displays with some information about the importance of 2-step verification:

2-Step Verification screen.

Click the Get Started button. You will be prompted to enter your password. After you type your password, the 2-Step Verification window appears with two questions:

2-Step Verification questions.

Step 3

Answer the questions. Type the phone number where you want
to receive verification codes. Select whether you want to get the codes by text
message or phone call.

When you have answered the questions, click the Try It button. Google immediately sends a code to your phone. You are prompted to enter the code into the screen to continue:

Enter the code.

Step 4

Type the code you received. Click Next in the lower right corner of the window.

If you successfully entered the code, you are prompted to turn on 2-step verification. Click Turn On in the lower right corner of your screen to turn it on. You are prompted to enter your password again. Type your password and click Sign in.

Another screen displays asking you to verify your decision to turn 2-step verification on:

Turn On 2-step verification.

Click the Turn On button in the upper right of the screen. 2-step verification is turned on. The Sign-in & security screen is updated to reflect that it is on.

4. How to Set Up Recovery Options for a Lost Password

You can change your settings so that there are two ways to
recover a lost password. I’ll go over both methods.

Step 1

Start from the Sign-in & security screen:

Sign-in & security screen.

Use the scroll bar on the right side of the screen to scroll down to the Account recovery options.

Gmail account recovery options.

There are two account recovery options:

  1. Email
  2. Phone

You can set up both a recovery email and a phone from this
screen. Let’s start by setting up a recovery email.

Step 2

Click the arrow to the right of the Recovery email field. You are prompted to enter your password. Type your password and click Sign in.

Since we set up 2-step verification earlier, the system sends you a verification code. Enter the verification code you were sent and click Done.

You are prompted to enter your recovery email:

Enter your recovery email.

Type your recovery email address. Click the Done button in the lower right of the prompt.

Your recovery email is set. The system returns to the Sign-in & security screen.

Step 3

Now it is time to set up your recovery phone. Scroll down to
the Account recovery options.

Account recovery options.

Click the arrow on the right of the Recovery phone field.
You are prompted to enter your password. Type it in and click Sign In.

You are prompted to enter your recovery phone:

Add your recovery phone.

Click Add recovery phone. If you have entered a phone number in your account in the past, you can select it from the next prompt. Or, type in a new phone number on the following screen:

Enter your recovery phone number.

If you are entering a new phone number, click Verify when you are done. Follow the
prompts to verify your new number.

Your recovery phone is set. The system returns to the Sign-in & security screen.

Conclusion

While there are no guarantees, there are steps you can take to reduce the likelihood of your Gmail account getting hacked.

  1. Understand and follow web security best practices.
  2. Understand and use Gmail-specific security measures.

Above all, remember that computer security measures change
often. Don’t forget to keep your Gmail account’s security up to date.