Gmail is the most popular free email service used by millions of people around the world. Billions of messages are sent and received through Google’s email software each day. Many of these messages contain personal or confidential information.
Unfortunately, it’s also true that malicious hacks, phishing attacks, and password leaks are becoming more commonplace. To prevent your personal email ending up in someone else’s hands, you’ll need to secure your Gmail account.
Let’s take a look at how to secure your Gmail account in just six easy steps.
1. Open Your Google Account Settings
Navigate to Gmail and click on your profile picture at the top right of the page, which will open the Google menu. From there, select Manage your Google Account. When you signed up to Gmail, Google also created a single account for you to access all of their services. This is known as your Google Account.
Each service has it’s own settings and options, but critical information like your password, two-factor authentication, and other personal details are managed through your Google account. On the left menu, select Security.
2. Resolve Security Issues
As part of an effort to help secure your account, Google offers security recommendations. If there are outstanding issues, these will be listed at the top of your account’s Security page. Even if there are no suggestions, click Secure account at the bottom of the Security issues found section.
This will take you to an overview of your Google account’s security status. The site uses a traffic light system to alert you to areas that need attention. If all six sections are green, then you can move onto other areas. Otherwise, follow the guidance listed by each section to improve your Gmail security.
3. Update Password and Two-Factor Authentication
Back at your Google account’s Security page, there is an overview titled Signing in to Google. Here you can see when your password was last changed, and whether you have enabled two-factor authentication. It is good practice to change your password for a stronger one, especially if you reuse passwords.
Two-factor authentication (2FA) adds a step to the login process. After entering your username and password, you’ll be asked to enter a temporary code. This is used to ensure that it is you signing in, and not just someone with your credentials. It is definitely worth securing all your accounts with 2FA .
Google offers a few options for this service; an authenticator app (like Google Authenticator or Authy) or an SMS code. If you use an Android device, you may also be able to set up an authentication notification on your phone, too.
4. Assess Recent Security Activity
After you’ve completed Google’s security checkup, made sure you’re using a secure password, and enabled two-factor authentication, you can review past security events on your account. On the main Security settings page, scroll until you reach the Recent security activity section.
This area shows any login or access events in the past 28 days. Each item shows the device or app and date of the event. If you open a single event, there is more detail like the IP address, estimated location, and browser.
Although this is a read-only section, so you can’t edit or change any settings here, it should alert you to whether any suspicious activity has occurred on your account. Google even has a prompt on this page, noting that if you see anything that looks suspicious, you should follow guidance to secure your account.
5. Review Your Devices
If you’ve checked over your recent security activity and found nothing suspicious, you can advance to reviewing devices with access to your Google account. Under the Your devices header, select Manage devices. This opens a list of every device currently signed in to your Gmail account.
You can choose to sign out unused or older devices. They appear in a separate collection labeled Where you’ve signed out. Identifying each may be a little challenging; if the activity came from a Windows PC, for example, the log would only show the device name as Windows, rather than something unique.
If you’re unsure, err on the side of caution and sign it out. The worst that’ll happen is you’ll need to log in again on that device.
6. Manage Third-Party Apps
After signing out from devices, you should review the Third-party apps with account access from the Security settings page. This list details every app that you’ve given access to your Google or Gmail account. As with other areas of your account, the list is an overview, and you can select each item to expand the detail.
You may recognize the app, but that doesn’t necessarily mean you should leave it untouched. Viewing the item allows you to see the data that the app has permission to access. This is an important step, especially as in 2018, Google admitted that third-party apps can read your Gmail messages .
If it’s an email app, it’ll likely have access to your Gmail account and be able to send emails on your behalf. However, you may not have given it explicit permission to access all of your Google Drive content, for example.
Likewise, if you no longer use one of the apps in the list, you should remove it from your account. If you don’t recognize an item on the list and don’t believe you ever gave it access to your account, there is an option to flag it to Google by selecting the Report this app link.
How to Secure Your Gmail Account
While it’s essential to enable these features, you also need to consider the threats that Google can’t protect you from. If you reuse passwords, you could be putting all your online accounts at risk. Hackers are known to use leaked account details to perform credential stuffing attacks.
In these attacks, your stolen email address and password are entered into multiple sites to gain access to your data. To avert the danger of this attack, be sure to use one of the best password managers to create and store a unique login for each account.
Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.