Recently Jonathan Moyo, a prominent and outspoken Zimbabwean politician, had his Gmail account hacked. If a professor like him can be hacked, how do we ordinary people secure our Gmail accounts from those who seek to get our data? Here are some things you could do to get started on building a fort around your Gmail account.
It all starts with reviewing the status of your Gmail account
To know what you need to do, you first have to know the security status of your Gmail account. Simply go to the Security Checkup section of your Gmail account settings. This step will show you the different areas associated with the security of your account, e.g. your password, recovery information, account permissions, Gmail settings and 2-step verification settings.
Get a stronger password
Once you’ve reached the Security Checkup section, the first thing you’ll be shown is a section for your password. Even though it is called a security checkup, it doesn’t seem to tell you how strong your password is, so it’s up to you to get a strong password.
Generally, a strong password is one that has a mixture of letters, numbers, and symbols. It shouldn’t be easily guessed or associated with your personal details, e.g. your name or the city you live in. A strong password is important because it is the main door into your account. Password managers make it easy to create a strong password, so you might want to consider starting to use one.
Once you’ve generated a strong password from a password manager or you’ve come up with one, change the password from that section. To keep your account secure, you should change your Gmail password every 3 months, so in a year you’ll have around 4 different passwords. If you want to be more secure then you can even increase the frequency of password changes.
Don’t set up 2-step verification this way
Remember how we likened a password to the main door? 2-step verification adds a second door for someone to go through before they gain access to your Gmail. Now, I’ve heard a lot of people say that 2-step verification can be hacked easily and that it’s not really that useful. I think they’re right, but at the same time, it can be easily hacked if you don’t use the better versions of it.
The most common example of 2-step verification is one where you get an SMS or a call with a 6-digit code that you enter before you are able to gain access to your account. It is usually activated to stop people from logging into your account easily, and it is triggered when a sign-in attempt from a new device is detected.
This method of 2-step verification can be bypassed or hacked if someone manages to intercept the SMS or call and get the code instead of you. Because of this, some people have automatically ruled out 2-step verification, but that is just one way of doing it on a Gmail account.
Do consider Google Authenticator for Gmail 2 step verification
Another method of 2 step verification is using the Google Authenticator app. The app generates the codes and they are only accessible from your phone since it is the one that is linked to your account through the Google Authenticator app. When someone tries to log into your Gmail account from a different device, they will need to get a code from that app. So if they don’t have your phone then they’ll have a difficult time getting in.
What if you lose your phone and you were using Google Authenticator for 2-step verification?
Generate backup codes for offline use or when you lose your phone
Google allows you to generate 10 unique backup codes that you can use if you’re offline and can’t use the Google Authenticator app, or if your phone has been stolen or lost. You will be able to log in to your Gmail account using one of those codes. Once you use a code, you will not be able to use it again.
These codes can be printed so that you can have them with you even if you don’t travel with any of your gadgets.
If you really want to make things super difficult for anyone to log in, consider this
To make it super difficult for anyone else to log into your Gmail account and make it very secure, consider using a physical security key. This is basically a device that you plug into one of your computer’s USB ports; it acts like the Google Authenticator app and allows you to log in to your account. If no one else has that device then they can’t log in even if they know your password and vice versa.
To use such a device for 2-step verification, you’ll need to set up at least 1 backup option. You could use backup codes as the alternative way to log in when you’re not near the physical security key. All this is great for security but it can be quite inconvenient.
You can have convenience without sacrificing security
If you have a strong password then you can enjoy the convenience of some of the other methods of 2-step verification. For example, you could use Google Prompt as your second door. Whenever you try to log in to your Gmail account from a new device, a pop-up prompt will show up on your linked device once you’ve entered the password.
All you have to do is tap yes or no to allow the device to be logged in. This saves you time if you’re constantly near your phone. To eliminate the inconvenience that might arise if you don’t have your phone nearby to tap yes, you could set up multiple backup 2-step verification methods.
So your primary might be Google Prompt, followed by Google Authenticator, and if you still don’t have access to either of those, you can have backup codes and, if push comes to shove, set up SMS/call verification. If you’re not a large target then chances are that any one of those will do, and someone probably won’t put that much effort into intercepting your SMS code if they don’t see the value in it.
However, if you’re a popular person then make it as difficult as you can while still maintaining some sort of convenience so you don’t lose your mind every time you try to log in to your Gmail account. These are not all the ways you can secure your Gmail account; they are just the ones that Google offers that you could use to be secure enough. So if you know more, do let us know in the comments section.
Let us know what you think about all these different methods of securing your Gmail account. Do you think they work? What would you like to be added as a 2 step verification method? Is your Gmail secure?