Think about all the people you have emailed in the past 5 years. Old friends, professors, bosses, ex-boyfriends, that random kid you did a project with in a class, past students, people you were emailing as a “cold call” pleading with them to hire you, yeah, everyone. Now, I dare you to just send all of them an email, en masse (no bcc), with some crappy spam link to who knows where as the only thing in the body of the message.
Would you do it?
I’m a huge fan of Gmail. In fact I’m a fan of all things Google. I constantly rely on my Google Calendar, and I think I make at least one new Google Doc a day. B is aware of my affection for this web conglomerate (he feels the same way) and has warned me a few times that my password isn’t very strong and that I need a 2-step authentication for my Gmail login.
“A 2-step what? Why would anyone hack me? That’s crazy, I don’t need to do that.”
Then one fateful Sunday morning I checked my phone to find two strange texts on my phone from Google saying my password was changed. B then checked his phone to find multiple texts from people saying “I think Steph has been hacked.” The funny thing is that more people told B than me!
Ugh, sure enough some hacker in Macedonia had broken into my account and sent that ridiculous email to everyone and I mean EVERYONE in my contacts. Luckily, Google thought someone logging in from Macedonia was a little suspicious, and I was able to regain control of my account with my cell phone as an authentication.
Long story short, I did some major email contact purging that day and learned a few things about email security, and I think you all should know about it, too. Here are my 4 steps for a more secure Gmail account.
*A few disclaimers: 1. This post is only applicable to Gmail accounts. 2. I’m not really saying anything too profound; this is all in your account settings, but maybe you weren’t aware of all these options or didn’t think they were really necessary. 3. There is no way to completely prevent hackers, but doing these steps will definitely make it much harder for someone to get into your account.
1. Create a unique, strong password
This may sound like a no-brainer, but it’s important to have strong passwords and keep them unique from site to site. Think about it: if someone figured out your only password, they could have access to your bank account, bills, social media accounts, etc. There are websites out there that will “test” your password strength, but be careful! Try testing out the strength with test passwords, not your real passwords.
2. Use the Recovery Options and Notifications feature
If I hadn’t had the recovery options set up prior to getting hacked, it would have been a lot harder to get my password back under my control. But thankfully, I did and Google just texted me verification codes that I could type in to prove who I really was. Luckily those Macedonian jokers didn’t steal my cell phone, too…
The notifications also texted me as soon as the suspicious login occurred. I probably wouldn’t have logged in to Gmail for a few more hours had I not received those texts when I did. Who knows how many more embarrassing emails could have been sent out in that time!
3. Enable 2-Step Verification
If you are only going to do one of these steps, this is the one to pay attention to. Even though I gave B weird looks when he brought this up back in those pre-hack days, I totally get it now. 2-Step Authentication sends your phone a 6-digit code after you successfully type in your (super strong) password. And don’t worry, you can have Google remember certain computers so you only have to type in the code once on your home computer.
When B first told me about this I thought it sounded like such a pain, but really, it only takes an extra 30 seconds or so and the security is definitely worth it. In the rare case that a hacker figures out my new and improved password, he still won’t get very far since, chances are, my phone will be safe with me.
3.2 Enable Application Specific Passwords
This step is inevitable if you get email to any mobile device and you enable 2-step verification (like you should!). Google will generate a one-time use password for you to type into your phone or tablet so you can receive email on there normally. You only have to do this once.
The beauty of this whole security step is that little Revoke button to the right. What happens if you lose your phone or it gets stolen? That person could have access to your account through your phone! If that happens, all you need to do is log on here and click revoke, and that device will no longer be able to access your beloved Google account.
Whew, this is a lengthy post! Did I convince you? Take charge of your Google world and secure it! Or else you’ll be spamming your entire contact list, too.