Your email correspondence likely contains enough information for a hacker to do serious damage to your bank account and reputation. Ultimately, you are responsible for securing your email account. If you use Gmail, here are some steps you can take to better lock down your email:
1. Have a Killer Password
The easiest way for you to keep hackers out is to have a good password. Most hacking occurs when a password is “123456” or “password.” Don’t make it easy for a hacker. Your password should contain a combination of letters, numbers, and symbols. Don’t use the same password for everything you sign into.
2. Change your Password at Least Once Every 6 Months
Once you have created your more secure password, be sure to change it up every now and then.
3. Use a Secure Password Manager
An even better solution than creating your own password is to use a password manager tool to create passwords for you and remember them. Password managers store all of your passwords in a secure area. All you need to do is remember the master password, and the password manager takes care of the passwords for any site you visit. My favorite program is LastPass. Don’t use the option that comes with your browser because it likely is not secure. Have the password manager create your Gmail password for you and then store it in LastPass.
4. Generate Application-Specific Passwords
This is probably the most important step other than creating a good password. Google allows you to designate one computer on which you access Gmail. That computer will become your trusted computer. You will still need to type in your username and password when you access Gmail, but that is all you will need to enter. By designating your computer as the trusted device, all other devices become untrusted, including your phone, tablet, or other computers. You can set up application-specific passwords for these devices right from your Gmail account. Each one is a special password for a specific device. If you have an iPhone, generate a new password through your Google account and that will be your new password to use on your iPhone for your Gmail account. If you use Google Calendar, you will also need a password for that.
The great thing about this feature is that you can revoke any of your device-specific passwords. If your iPhone gets stolen from you, all you need to do is sign into your computer and revoke the Gmail password associated with your iPhone. That will immediately cut off the robber from accessing your Gmail account.
To do this, go to your Google Account (see image below – this is in the far right corner once you are signed into Gmail). On that page, you will see a second option on the far left for “Security.” Click that. Choose the bottom option for “Authorizing Applications and Sites” and click the Edit button. You will see a section for Application-specific passwords. Follow the instructions there for generating application-specific passwords. Then be sure to enter these passwords into your devices for Gmail. Your username will remain the same, but you will replace the password with the application-specific one. Label each password accordingly in case you ever need to revoke access.
5. Use Google 2-Step Verification
When you designate your computer as your trusted device, all other computers become untrusted. That means that any time you use another computer to access your Gmail, you will need to complete 2-step verification. You will type in your usual username and password. On the next screen, you will be asked for a verification code. The best way to get this code is to add an app on your phone called Google Authenticator. This app provides verification codes that change every 10-15 seconds. The code will only show up on your phone. So, you would open your phone, get the verification code, and enter that to access your email. You can even check a box during this process to tell Google to trust that computer from that point forward.
To set up 2-step verification, go to your Google Account settings and choose Security. Then choose 2-step verification. Choose the type of phone that you have. Make sure you have the Google Authenticator app installed on your phone. On your computer, you will see a screen like the one to the right. Scan the QR code within the Google Authenticator app and that will connect your phone to the 2-step verification process. Then, any time you access Gmail from a new computer, you will be asked for a code that is generated in this Google Authenticator app.
6. Remove all Connected Sites, Apps, and Services
You have probably added a number of connected sites, apps, and services that somehow connect to your Gmail account either for contacts or other services. Remove all of these connection points for even better security.
To do this, go to your Google Account (see image above – this is in the far right corner once you are signed into Gmail). On that page, you will see a second option on the far left for “Security.” Click that. Choose the bottom option for “Authorizing Applications and Sites” and click the Edit button. In the top section, remove all connected sites, apps, and services that you no longer use.