Well, the good news is that Google has been forging its Gmail security system by adding new security features, most of which we do not know about. Today we want to show you 10 essential, technical and non-technical tips that will further strengthen your account security from any possible threat and scheme.
While some of them might sound complicated at first, their instructions are extremely easy and they can be completed without any further study, so embrace them and you will prevent one of the worst nightmares of your life – a Gmail breaking and entering!
In 2007, a famous designer,
David Airey’s Gmail account is hijacked. To make the long story short, the hacking started when the user has its account signed on and he went to visit a bad site. The site added a backdoor to extract information from the Gmail account, and the backdoor is the Filter.
Filters can potentially transfer emails as long as the victim has the filter in his account.
Therefore, it’s vital for you to actually check your account settings to delete suspicious filters. The check is real easy. As usual, you just need to log into your Gmail account, then after clicking the gear-like icon, choose Settings > Filters to check and delete the Filter you didn’t put there before.
You will also need to check the “Forwarding and POP/IMAP” tab as well to confirm that there is no foreign forwarding address included in this tab apart from those assigned by you. Do perform a check on these stuff when you feel that something unusual is going on in your account. Your prevention methods will save you from experiencing problems in the future.
5. Revoke Unauthorized Access
Just like what you did to most applications in Facebook, you might have granted permission to any website or web application that requested for access into your Google Account, and that’s one of the hottest tricks that hackers use to access your Gmail.
Many Gmail users wouldn’t notice this security hole easily, as the
option comes from your Google Account, not your Gmail account. And heck, it’s really easy to check if you’ve granted too much trust in them: log into your Google Account, then access
this page, and you will see a list of sites and/or web applications that you’ve granted access to.
Click “Revoke Access” if you find any doubtful applications, and it’s a good practice torevoke access to any application that is unnecessary anymore, even if they are not harmful.
6. Track Account Activity
The best method to check if you’re actually hacked is to know your account activity. Fortunately your Gmail is created by the Google who can do wonders with security features. One proof of that is they have developed an Activity Information panel for you to track your account activities.
It’s really easy to access the Activity Information panel. We may have even scanned through it all the time without actually noticing it. Sign into your Gmail and on the bottom part of your mail, you could see the message saying “Last Account Activity: (number) minutes ago“; click on the “Detail” then you can see the access type, location & date that you have signed into Gmail in past few days.
Under the panel you can also set the Alert preference so Gmail could alert you when it detects certain unusual activities. Be sure to always check the Activity Information panel any time you notice any weird stuff happening in your Gmail.
7. Embrace Security Plugins
In the end, no matter how strong your security is, you might end up getting tricked by phishers and scammers. To combat these tricky situation, you can adopt browser pluginswhich will greatly strengthen your online security by aiding you in recognizing phishing sites and by removing threats, at the cost of hundreds of kilobytes!
Web of Trust (WOT) is an awesome browser plugin that checks whether you are accessing a bad site. When you entered a potentially bad site, WOT will show you a dark page covering the front page of the site, and
inform you that the site has poor reputation, while blocking you from accessing the page. WOT is available for major browsers like Firefox, Google Chrome, Safari, and more!
On that matter, there is a double-edge sword called cookies. It stores certain user information and preferences for convenient site information access in future, but it also leaves a path for attackers to infiltrate your computer. That’s when
BetterPrivacy comes to the rescue. Basically it
removes special long-term cookies, thus greatly eliminating the chances for attackers to hack into your account.
Better Privacy is only available for Firefox, but you can get similar plugins by searching your browser’s plugin store with the term “
privacy“. Other than that, you can browse the
Firefox Add-ons Page,
Chrome Web Store,
Safari Extension Gallery or any other browser’s plugin store to get more security tools for your browser. But always remember to
check the plugin before adopting it, as you might know, sometimes the help could be the culprit itself!
8. Enhance Security Question’s Answer
You will be surprised to the fact that hackers love to hack into your account from your mail recovery’s security question, than to confront your already strong password directly. It’s really reasonable though, since most websites teach you to create a strong password, but they didn’t tell you to spawn a tricky recovery question and/or answer.
For this one I will like to have my personal trick exposed to you: create a question with an absolutely wrong answer. It’s really simple, let’s say you made a question, “Who is the lover of my mother?” (please don’t use the combination of this question and the answer below since we covered it here), then you can put the answer as “my mother loves to eat burger“. Make it as nonsensical as possible, but keep the answer strongly related with your past, so you can remember it easily and only you will know the answer to it.
Once you got your own tricky question and answer, you can change your password recovery question by accessing your Gmail, clicking on the gear-like icon >
Settings >
Accounts and Import >
Change password recovery options, then click “
Edit” on the
Security questionoption and replace it with your new question. One more
job is done to fortify your Gmail account.
9. Create A Strong Password
Unless you’ve enabled 2-step verification, your password is the only entity that guards all your mails, contacts and sensitive information. In order to make your Gmail account more invulnerable to the hacker, you need to create an invulnerable password.
Avoid easy passwords like “iloveyou” or “password” or “1q2w3e4r“, all of these can be easily hacked. That said, you shouldn’t create 3 kinds of password, which are listed as below:
- Password which consists of words that can be found in dictionaries.
- Password which consists of words only or numbers only.
- Password which consists of your name or any personal information existed on web.
Now on the strong password creation, that’s a great memory trick called
Mnemonic, in which you utilize your brain function to remember a password. Let’s say you want to create a long password, you can use a sentence like “
icreatedthisaccountin2012“. But the password is too long and it still can be hacked easily, so you can
take the first letter of every word and combine with the numbers to become something like “
ictai2012“.
Well, it’s not really a strong password, so you should add in your own “unique symbol” like@ on every 2 letters/numbers, which becomes “ic@ta@i2@01@2” (please don’t adopt this password since we explained it here). This should look safe, and it takes short time to master.
Be creative! Otherwise you can go hardcore by creating 24 keys password with random words, numbers and symbols, and try to memorize it every day. Normally this only costs you around a week to get well-accustomed with it. You’ll be surprised at how fast you can memorize it since your brain is forced to retrieve this essential information every time you want to access your important account.
After you’ve set up your password, you can test your password’s strength directly though
The Password Meter, and also possibly obtain some valuable tips from the site.
10. And Never Trust Anyone
Even (and especially) when you receive emails from your loved ones, because their account might be hacked and those emails are actually sent not by them and without their permission. I believe that most people already know about this but I feel it important to list this advice down nonetheless.
The fact is that I can’t really count how many scam or phishing mails I’ve received from my friends’ hacked accounts. Fortunately I was calm enough to not open the “I love you” email, but there could be certain mails like “Robbed in China” scams in which "your friend" asks for your emergency help, and these are the ones that could really trick you as the request for help is coming from your dear friend.
Normally your first reaction would be to ignore the mail, but if you’re really curious about the situation, then reach out to the friend or his/her family members to verify the crisis before extending any help . Otherwise, you’re the one who will face the crisis, so please keep the warning in at the back of your mind any time!
Conclusion
Ther is one more truth that you might find disturbing: if a professional hacker really wants to hack into your account, there’s basically no way for you to prevent the attack. However, if you do your best to prevent the possible methods of attacks, then the chance of your account being hacked will be greatly decreased. Usually the thief won’t invest too much time on a random account.
Personally I prefer the combination of the 2-step verification and Web Of Trust add-on, since the thief cannot access your account if he doesn’t have your phone and the WOT would stop you from visiting a page and making yourself a victim so easily.
Have a better tip or thought on securing everyone’s Gmail account? Feel free to expose them in the comments!
