Productivity Security

How to Secure Your Gmail Account in 6 Easy Steps

James Frew Updated 23-04-2020

Gmail is the most popular free email service used by millions of people around the world. Billions of messages are sent and received through Google’s email software each day. Many of these messages contain personal or confidential information.

Advertisement

Unfortunately, it’s also true that malicious hacks, phishing attacks, and password leaks are becoming more commonplace. To prevent your personal email ending up in someone else’s hands, you’ll need to secure your Gmail account.

Let’s take a look at how to secure your Gmail account in just six easy steps.

1. Open Your Google Account Settings

Google Account Security settings

Navigate to Gmail and click on your profile picture at the top right of the page, which will open the Google menu. From there, select Manage your Google Account. When you signed up to Gmail, Google also created a single account for you to access all of their services. This is known as your Google Account.

Each service has it’s own settings and options, but critical information like your password, two-factor authentication, and other personal details are managed through your Google account. On the left menu, select Security.

Advertisement

2. Resolve Security Issues

Google Security Checkup

As part of an effort to help secure your account, Google offers security recommendations. If there are outstanding issues, these will be listed at the top of your account’s Security page. Even if there are no suggestions, click Secure account at the bottom of the Security issues found section.

This will take you to an overview of your Google account’s security status. The site uses a traffic light system to alert you to areas that need attention. If all six sections are green, then you can move onto other areas. Otherwise, follow the guidance listed by each section to improve your Gmail security.

3. Update Password and Two-Factor Authentication

Google Two-Factor Authentication Settings

Advertisement

Back at your Google account’s Security page, there is an overview titled Signing in to Google. Here you can see when your password was last changed, and whether you have enabled two-factor authentication. It is good practice to change your password for a stronger one, especially if you reuse passwords.

Two-factor authentication (2FA) adds a step to the login process. After entering your username and password, you’ll be asked to enter a temporary code. This is used to ensure that it is you signing in, and not just someone with your credentials. It is definitely worth securing all your accounts with 2FA How to Secure Your Accounts With 2FA: Gmail, Outlook, and More Can two-factor authentication help to secure your email and social networks? Here's what you need to know to get secure online. Read More .

Google offers a few options for this service; an authenticator app (like Google Authenticator or Authy) or an SMS code. If you use an Android device, you may also be able to set up an authentication notification on your phone, too.

4. Assess Recent Security Activity

Google Account Recent Security Activity

Advertisement

After you’ve completed Google’s security checkup, made sure you’re using a secure password, and enabled two-factor authentication, you can review past security events on your account. On the main Security settings page, scroll until you reach the Recent security activity section.

This area shows any login or access events in the past 28 days. Each item shows the device or app and date of the event. If you open a single event, there is more detail like the IP address, estimated location, and browser.

Although this is a read-only section, so you can’t edit or change any settings here, it should alert you to whether any suspicious activity has occurred on your account. Google even has a prompt on this page, noting that if you see anything that looks suspicious, you should follow guidance to secure your account.

5. Review Your Devices

Google Account Devices management settings

Advertisement

If you’ve checked over your recent security activity and found nothing suspicious, you can advance to reviewing devices with access to your Google account. Under the Your devices header, select Manage devices. This opens a list of every device currently signed in to your Gmail account.

You can choose to sign out unused or older devices. They appear in a separate collection labeled Where you’ve signed out. Identifying each may be a little challenging; if the activity came from a Windows PC, for example, the log would only show the device name as Windows, rather than something unique.

If you’re unsure, err on the side of caution and sign it out. The worst that’ll happen is you’ll need to log in again on that device.

6. Manage Third-Party Apps

Google Account Third-Party Apps

After signing out from devices, you should review the Third-party apps with account access from the Security settings page. This list details every app that you’ve given access to your Google or Gmail account. As with other areas of your account, the list is an overview, and you can select each item to expand the detail.

You may recognize the app, but that doesn’t necessarily mean you should leave it untouched. Viewing the item allows you to see the data that the app has permission to access. This is an important step, especially as in 2018, Google admitted that third-party apps can read your Gmail messages Google Admits Third-Party Apps Can Read Your Gmail Google has admitted that third-party apps can read your Gmail. However, this is all your fault, as you're the one giving developers access... Read More .

If it’s an email app, it’ll likely have access to your Gmail account and be able to send emails on your behalf. However, you may not have given it explicit permission to access all of your Google Drive content, for example.

Likewise, if you no longer use one of the apps in the list, you should remove it from your account. If you don’t recognize an item on the list and don’t believe you ever gave it access to your account, there is an option to flag it to Google by selecting the Report this app link.

How to Secure Your Gmail Account

While it’s essential to enable these features, you also need to consider the threats that Google can’t protect you from. If you reuse passwords, you could be putting all your online accounts at risk. Hackers are known to use leaked account details to perform credential stuffing attacks.

In these attacks, your stolen email address and password are entered into multiple sites to gain access to your data. To avert the danger of this attack, be sure to use one of the best password managers The Best Password Managers for Every Occasion Struggling to remember your increasingly elaborate passwords? It's time to rely on one of these free or paid password managers! Read More to create and store a unique login for each account.

Related topics: Email Tips, Gmail, Online Security, Password, Two-Factor Authentication.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Anonymous
    June 15, 2016 at 5:07 pm

    This article mentions Gmail but isn't this password your Google password as well?

    • Joel Lee
      June 19, 2016 at 3:46 am

      Yes Gene, this actually does apply to the entire Google account. :)

  2. Christopher Walter
    June 15, 2016 at 2:06 pm

    I include blank spaces in pass words when I can in a password.

    • Joel Lee
      June 19, 2016 at 3:45 am

      Ha, that kinda makes me cringe but I suppose there's nothing wrong with that. :)

  3. Robert
    June 15, 2016 at 12:01 pm

    What if a user does not have a smartphone to use for Step Verification?

    • Anonymous
      June 15, 2016 at 12:10 pm

      use a simple mobile phone, which can receive an SMS

      • Anonymous
        June 16, 2016 at 3:53 pm

        As shocking and incomprehensible as it may be, not everyone has/uses a mobile phone. I am one of those people. :-)