With more than a billion monthly active users – yes, billion with a “b” – Google's Gmail is by far the most popular webmail app on the planet.
And for good reason: it’s an easy-to-use and reliable cloud service that lets you log in to read your messages from anywhere, and on virtually any device (heck, even Smart TVs).
And while Gmail is relatively secure, there are a few simple things you can do to best protect yourself while using the service.
Here’s a look at five suggestions.
1. Use a stronger password
Think about what your password is. Great. Now change it.
Rule of thumb: The longer the password, the better. A good password has a combination of letters, numbers and symbols.
If you prefer, use a phrase that only you know, and then modify it with some numbers and symbols. For example, the phrase could be “My mom Jane and dad Mike call me once a day,” which becomes “MmJ&dMcm1ad!”
Don’t use the same password for all of your online activities. If a cybercriminal gains access to your Gmail, it’ll be even worse if they have access to your online banking, favorite retailer, cloud account, and more.
To change your password, log into your Gmail, click or tap the Options tab (a gray gear), then Settings, followed by Accounts and Import, and click to change password.
2. Opt for 2-step verification
Google's 2-step verification is an extra security measure to protect your Google account from being compromised.
It’s worth considering as it confirms it’s you – and only you – before granting access to your Google apps, such as Gmail.
In addition to a standard username and password, you’ll also need a code that’s sent via text message to your mobile phone (or you can use the Google Authenticator app). Before you gain access to the Google app, you'll be prompted to enter that short verification code, which you'll get from your mobile phone.
To get started, log into your Google account, go to your Accounts settings page and look for the “Using 2-step verification” link. Click it and start the setup process. You’ll also be prompted to enter a backup phone number – be it a landline or secondary mobile number – if you lose access to your primary phone.
3. Review, update your account options
Gmail’s recovery options help secure your account from hijackers and give you a way to access your account if you forget your password.
Your smartphone is probably the easiest, quickest and most secure way to help protect your account – and better than your recovery email address because you have your phone with you at all times. Google says typing in your mobile phone number as a recovery tool won’t land it on a marketing list for spammers or telemarketers.
To update your account recovery options, go to google.com/settings/security and sign in. Click “Update recovery options” under “Password and recovery options.” Add or edit your security options for Mobile phone and Email.
Also, if you’ve noticed some suspicious activity on your account – or if Google notified you of your account being accessed on a device (or in a place) not familiar to you – sign into your Gmail and, at the bottom of your mail, look for where it says “Last Account Activity: (number) minutes ago.” Tap or click on the Detail tab, and then you can see the access type, location and date for each time you have signed into Gmail in the past few days.
4. Enable HTTPS Security
One of the best things about webmail, like Gmail, is you can log in from anywhere, but when you’re on a non-encrypted network or public Wi-Fi hotspot, you’re putting yourself at added risk.
Instead, consider using your cellular connection as it’s much safer than free, public wireless networks.
If that’s not an option, at the very least confirm HTTPS is enabled on your Gmail. It should be by default, but it’s worth a quick check to make sure your account is best protected from attackers who might want to crack open a path into your Gmail account.
To confirm HTTPS is enabled, log into your Gmail account, tap or click the Options tab (gray gear), and then select: General > Browser Connection, and see whether the option “Always use HTTPS” is checked off. Click “Save Changes” before you leave.
5. Don’t be gullible
While many of you know this already, there’s a good reason why “phishing scams” exist: people fall for them every day.
Never ever reply if you see a suspicious message or webpage asking for your personal or financial information. Your bank, credit card company, Internet Service Provider (ISP), webmail service, or favorite retailer isn’t going to send you an email and ask you to confirm your identity – especially when there’s a sense of urgency attached to it. They may look legit – down to the establishment’s logo – but it’s likely a scam. When in doubt, call or write the business in question.
Consider reporting these messages. If you receive an email asking for personal information, sign in to Gmail, open the message you’d like to report, click the down arrow next to Reply and select Report Phishing.
And be careful responding to strange messages from your contacts as their account might have been compromised by an account hijacker.