Security can be a scary issue for small business owners.
With the news being filled with stories about email accounts being hacked, like the
recent coverage about thousands of Yahoo accounts getting hacked (including some from Gmail), you may wonder if your own accounts are safe.
Small businesses are especially vulnerable to hacking
because they can’t pay for expensive in-house security monitoring. Plus, they
often rely on their email to negotiate important business deals. So, there
could be real financial loss if your information becomes compromised.
While there are no guarantees, there are some steps you can
take in Gmail to protect your information. In this tutorial, I explore basic security best practices that anyone can use on any account to make it more secure. I’ll also
provide step-by-step details to show you how to increase your security in
Basic Email Password and Online Security Steps
Some of the best methods to protect your Gmail information
also apply to other areas of your online presence. Following these methods
reduces your chances of being hacked no matter which application you use.
To learn more about online security, study our tutorial:
In this section I’ll cover some of the most important basic security best practices that also apply to email. Those practices include:
- Picking a strong password
- Storing your passwords securely
- Changing your password
- Using authentication
- Keeping your browser updated
Disclaimer: I am
not an information security expert. This post is based on a compilation of
recommended best practices and my own experiences as a Gmail user.
Let’s take a look at each best practice separately.
1. How to Pick a Strong Gmail Password
Many small business owners struggle with choosing a
password. You want a password that you will remember but that a hacker won’t be
able to figure out.
Step 1. Avoid Obvious Passwords for Gmail
The trouble is, some of the easiest passwords to remember
are also some of the least secure. Try to avoid using passwords that are also:
- Your partner’s name
- Your child’s name
- Your pet’s name
While these types of passwords are easy to remember, the
information is also fairly simple for a hacker to find out. In some cases, such
as your address information, it may even be public record. If a hacker manages
to get into your social media account, they can probably also learn the names
of those close to you.
Passwords that others commonly use are also bad choices. They
are among the first that a hacker would try to gain access to your account
with. One security organization, Splashdata, actually keeps a list of some of
the worst passwords that people use by year. Their latest list includes
commonly used passwords such as:
Some of these are the default passwords that many systems
come with. If you recognize your password on one of their lists, change it.
Step 2. Choose a Longer, Random Email Password
The best passwords are random and contain various types of
characters. For example, a password that contains upper and lowercase letters,
numbers, and symbols is harder to hack than a password of all letters or
Also, the longer the password, the harder it is to hack.
Passwords should be at least eight characters long. Some experts recommend
using twelve or more characters.
Avoid stand-alone online password generators since the site
may be trying to harvest passwords. A password generator included in a reputable
security tool is probably safe though.
Once you find a good password, you may be tempted to use it
for all your accounts. Don’t do it. If your password becomes compromised, then
the hacker potentially has access to your entire online presence.
To learn more about choosing good passwords,
review this tutorial:
Some of the characteristics that make your password hard to
guess also make it harder to remember. That’s why it’s important to come up
with a secure way to store your passwords.
2. How to Store Your Gmail Passwords Securely
Having a secure Gmail password is no good if hackers can easily
find it. Whenever possible, avoid:
- Using Your Email Password on a Public PC. If you do
use your password on a public device, clear the cache and memory afterwards.
You may also wish to change your password.
- Keeping Your Password on Your Person. Writing
your passwords on a slip of paper and keeping it in your wallet can be a
problem if your wallet is lost or stolen.
- Storing Your Password in an Unprotected Document. It’s common
for users to create Word or Excel password lists. This is not a secure practice. The trouble is, anyone who accesses your machine can open these documents.
Using a reliable password manager can be a safer option to
help you keep track of all those passwords. Password managers use encryption
and other means to keep your data safe. Here are tutorials on two popular password manager
3. How Often Should You Change Your Gmail Password?
The topic of how often to change your password is
controversial. Many security-minded businesses and some applications require
regular password changes.
While the motivation behind regular password changes is
good, some studies have shown that they are less than effective. That’s because
the majority of users don’t create totally new passwords when they change their
password. Instead, they simply change their current password by adding or
changing a character. This
article from Lorrie Cranor writing for the Federal Trade Commission goes into depth
about the problems with frequent password changes.
Experts suggest that choosing a strong password is a better
security tactic than frequent password changes. It’s important to select a strong password
to begin with.
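As an added illustration that is not part of the original tutorial, the Python script below puts the advice from steps 1 and 2 above and from this section into code: it flags passwords that are too short, appear on a common-password list, contain personal names, or use too few character classes; generates a random replacement locally with Python’s `secrets` module (no online generator involved); and detects the “change one character” habit described here. The common-password entries and personal names are constructed samples, not SplashData’s list.

```python
import math
import secrets
import string

# Constructed stand-in for a "worst passwords" list like SplashData's (real list not reproduced).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome"}
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set("!@#$%^&*()-_=+[]{};:,.?/"),
}

def classes_present(pw):
    return [name for name, chars in CLASSES.items() if any(c in chars for c in pw)]

def check_password(pw, personal_words=()):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    lowered = pw.lower()
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    for word in personal_words:  # partner, child or pet names, street names, etc.
        if word.lower() in lowered:
            problems.append(f"contains personal information: {word}")
    if len(classes_present(pw)) < 3:
        problems.append("uses fewer than three character classes")
    return problems

def estimate_entropy_bits(pw):
    """Bits of entropy if each character were drawn uniformly from the classes present."""
    pool = sum(len(CLASSES[name]) for name in classes_present(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def generate_password(length=16):
    """Random password from the OS CSPRNG, retried until it passes check_password."""
    alphabet = "".join(sorted(set().union(*CLASSES.values())))
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

def is_trivial_change(old, new):
    """True when new is old with at most one character added, removed or replaced."""
    if abs(len(old) - len(new)) > 1:
        return False
    i = next((k for k in range(min(len(old), len(new))) if old[k] != new[k]), min(len(old), len(new)))
    return old[i + 1:] == new[i + 1:] or old[i:] == new[i + 1:] or old[i + 1:] == new[i:]
```

Note that `estimate_entropy_bits` credits a password only for its length and character pool, so a dictionary word with a digit appended scores far lower in practice than the formula suggests; `check_password` is the gate, the entropy figure is a comparison aid.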
4. How to Use Authentication
In an attempt to increase user security many applications
have gone beyond passwords to authenticate the user. Here are some common
methods that applications use to verify the user’s identity:
- Questions – Security questions are probably one of the oldest forms of user
authentication. They are often used for password recovery. The inherent problem
with security questions is that they often ask for information that could be
readily available through social media such as your pet’s name or the name of
your high school.
- Codes – A newer authentication technique is to require the user to enter a
randomly generated code that is sent to their phone when they log in. The code
is different each time. The drawback to this, of course, is that the user must
keep their phone with them to access their account. This can be inconvenient
for some users.
- Hardware – This involves a physical device that must be plugged into your computer to allow for authentication. YubiKey for LastPass is a good example of a USB device that adds an extra login access step.
- Biometrics – Biometric identification replaces passwords with unique physical
characteristics such as fingerprint scans, retinal scans, and voice
recognition. While this form of identification is experimental, its use is
becoming increasingly common. Consider the iPhone’s Touch ID feature. Some
experts believe biometric identification will replace passwords in the near
A common term that you might hear is two-factor
authentication. This means that the user must enter a password and provide some
other type of identification to access their account.
Gmail allows you to turn on two-factor authentication to add
an extra layer of security to your account. With Google, the two-factor
authentication is a phone code. We’ll provide more information on how to do
that later in this tutorial.
5. Why Browser Updates Are Important
You may think of browser and software updates in terms of
added features, and you’d be partially right. But many updates also contain
crucial security features that protect your system from viruses, malware, and
That’s why you should install updates as soon as they become
available. Always make sure that you download your updates from a reputable
source—usually the maker of your software or browser.
Now that we’ve increased your awareness of general security
best practices, it’s time to move on to Gmail specific security practices.
Gmail Security Best Practices
There are some specific steps you can take in Gmail to make
your account more secure. In this section I’ll provide step-by-step
- How to Change Your Gmail Password
- How to Check Your Security Settings
- How to Set Up 2-Step Verification
- How to Set Up Recovery Options for a Lost Password
Note: All Google
tools use the same password and security settings. Changing your Gmail password
or security settings may also change your password and settings for other
Google apps you may have and for Google+.
Let’s get started. We’ll discuss each step separately.
1. How to Change Your Gmail Password
Start from the main Gmail inbox screen:
Click the arrow next to the Settings icon on the upper right corner to display the drop-down menu:
Click the Settings
option to display the Settings
From the menu across the top of the screen, select the Accounts and Import option. You will
notice that the options on the Settings screen change:
Under the Change
account settings category, select the Change
password option. You’ll be prompted to re-enter your existing password:
Type in your current password. Click the Sign in button. The Change Password screen appears:
Type a new password below the New password field. Pay particular attention to your password
strength. Type the new password again in the Confirm new password field.
The passwords must be identical. Click
the Change Password button when you are done. You’ll
receive a brief prompt that your password was changed. The Sign-in & security screen displays, where you can make other
2. How to Check Your Security Settings
If you’ve just changed your password, you are already at the
Sign-in & security screen. Go to
step 3 below.
If you are not at the Sign-in
& security screen, click on your photo in the upper right of the main
Gmail interface. A pop-up displays showing your Google account information:
Click the My Account
button. The My Account screen
Click the Sign-in
& security option. The Sign-in
& security screen displays:
This is the screen you use to check your current security
settings. Use the scroll bar on the right of the screen to move down through
You will notice there are three categories covered on this
- Signing in to Google
- Device activity & notification
- Connected apps and sites
Your current status in each of these areas displays on the
screen. Review the status of each field in each category carefully.
Make changes to your security settings from this screen by
clicking the arrow to the right of each field. You may be prompted to enter
your password before you can make the change.
Now let’s take a closer look at one of the fields: 2-Step Verification.
3. How to Set Up 2-Step Verification
It’s good to turn on 2-Step Verification if you haven’t already done it. It adds an extra layer of protection to your login process. In this case, the extra layer is a phone code.
Each time you log in to a Google account you will receive a
unique code by phone. You will need to enter that code before you can access
your account. Let’s get started.
Start at the Sign-in
& security screen.
Scroll down to find the 2-Step
Verification field under Password
& Sign-in Method.
Click the arrow to the right of the 2-Step Verification field. The informative 2-Step Verification screen displays with some information about the
importance of 2-step verification:
Click the Get Started
button. You will be prompted to enter your password. After you type your password,
the 2-Step Verification window
appears with two questions:
Answer the questions. Type the phone number where you want
to receive verification codes. Select whether you want to get the codes by text
message or phone call.
When you have answered the questions, click the Try It button. Google immediately sends a code to your
phone. You are prompted to enter the code into the screen to continue:
Type the code you received. Click Next in the lower right corner of the window.
If you successfully entered the code, you are prompted to
turn on 2-step verification. Click Turn
On in the lower right corner of your screen to turn it on. You are prompted to
enter your password again. Type your password and click Sign in.
Another screen displays asking you to verify your decision to turn 2-step verification on:
Click the Turn On
button in the upper right of the screen. 2-step verification is turned on.
The Sign-in & security screen is
updated to reflect that it is on.
4. How to Set Up Recovery Options for a Lost Password
You can change your settings so that there are two ways to
recover a lost password. I’ll go over both methods.
Start from the Sign-in
& security screen:
Use the scroll bar on the right side of the screen to scroll
down to the Account recovery options.
There are two account recovery options:
You can set up both a recovery email and a phone from this
screen. Let’s start by setting up a recovery email.
Click the arrow to the right of the Recovery email field. You are prompted to enter your password. Type
your password and click Sign in.
Since we set up 2-step verification earlier, the system sends
you a verification code. Enter the verification code you were sent and click Done.
You are prompted to enter your recovery email:
Type your recovery email address. Click the Done button in the lower right of the prompt.
Your recovery email is set. The system returns to the Sign-in & security screen.
Now it is time to set up your recovery phone. Scroll down to
the Account recovery options.
Click the arrow on the right of the Recovery phone field.
You are prompted to enter your password. Type it in and click Sign In.
You are prompted to enter your recovery phone:
Click Add recovery
phone. If you have entered a phone number in your account in the past, you
can select it from the next prompt. Or, type in a new phone number on the
If you are entering a new phone number, click Verify when you are done. Follow the
prompts to verify your new number.
Your recovery phone is set. The system returns to the Sign-in & security screen.
While there are no guarantees, there are steps you can take to reduce the likelihood of your
Gmail account getting hacked.
- Understand and follow web security best practices.
- Understand and use Gmail specific security measures.
Above all, remember that computer security measures change
often. Don’t forget to keep your Gmail account’s security up to date.