In Security Last updated: April 20, 2023

I am not going to assume you are using a weak password for your Gmail account, but is even a strong password enough to secure it? With the phishing attack rate at its highest and social engineering attacks on the rise, there are many ways your account can be hacked or the data inside stolen.

Your email account is a gateway to a plethora of sensitive information and sign-ups to numerous services. Therefore, taking chances with its security could have disastrous consequences. However, fear not; with a little bit of setup and being mindful of some things, you can fortify your Gmail account security.

In this post, I am going to tell you all the measures you can take to secure your Gmail account and the data shared through it.

Importance of Gmail Security


Getting an online account hacked isn’t always the end of the world. A social media account could lead to some embarrassing posts, or if it is an account for an online game, you might lose some in-game currency/items.

However, when it comes to your Gmail account, the impact can be drastic. From financial losses to the loss of extremely sensitive data, anything is possible.

Below are some possible outcomes if a Gmail account gets hacked or its data is stolen.

  • As most people use the same Gmail account for all Google services, your hacked Gmail account will also lead to all other Google services getting hacked.
  • The hacker can reset the passwords of all your registered accounts with other services to access them.
  • They can use your saved card in the Google account to make purchases, such as buying Google Ads for their own product/service. This is pretty common if you make purchases on Google Play Store, as Google makes the card available on all of its services.
  • If sensitive work-related data is shared on your Gmail account, your whole company may suffer.
  • Using Gmail settings, they can get permission to write emails on your behalf using their own email account. It can be very dangerous in a targeted attack.
  • A hacker can lock you out of your account permanently, and you’ll lose everything. If done right, you can’t do anything to prevent them from impersonating you.

Gmail Security Options

There are many built-in ways you can secure your Gmail account and the data inside it. Some of them you can activate to improve protection, and some you can keep a tab on to ensure no one is secretly using your account. Let’s take a look:

#1. Add Recovery Phone Number and Email

In a hacking attempt, hackers usually prefer to lock you out of the account if possible so they can not only steal information but also impersonate you. Having a secondary email or phone number is a must, not only to recover your account but also to identify you in case of suspicion.

I recommend you add both an email and a phone number so you have multiple options to recover your account. To do so, open Gmail and click on Manage your Google Account in the Google Account menu at the top-right corner.


Here move to the Security section in the left panel and scroll down to the Recovery phone and Recovery email options. You can add a secondary email and your phone number here. Google will send a confirmation email and message to verify both recovery options.


#2. Enable 2-Step Verification

Enabling 2-step verification is the best protection you can give to your Gmail account. As the hacker would need access to both your email password and your phone, it becomes very difficult to hack.

Gmail offers multiple ways to authenticate logins, including phone numbers, signed-in phones, authentication apps, and security keys (physical and phone keys).

To enable 2-step verification, go to Google Account Settings again and move to the Security section in the left panel. Here click on the 2-Step Verification option under the How you sign in to Google heading.


If you are logged into a phone with the same Google account, it will ask you to use it to authenticate. You can also choose to use other options by clicking on the Show more options button.


On the next page, it will ask you to provide a phone number that will be used for authentication in case the first option isn’t available. You’ll have to authenticate the number by typing in the code sent to it.


After authentication, 2-step verification will be enabled, and you’ll be asked to authenticate whenever you need to log in. You can also scroll down on the resulting page to see more secondary options to authenticate.


#3. Remove Unrequired Apps Access

Giving free access to every app you want to use can be dangerous, as developers can misuse the permissions to steal information. You should remove access to any app or game that you no longer need to use. Don’t worry, this won’t delete your data from their servers, and you can give permissions again later if needed.

To see all the apps with access to your account, go to the Google Account Security setting and open the Third-party apps with account access option.


Here click on an app/service to see exactly what it has access to. You can click the REMOVE ACCESS button to remove its access if you don’t need it anymore. Repeat the process to get rid of apps you don’t use.


#4. View Account and Security Activity

To make sure your account is not being accessed by someone else or that no login-related setting has changed, you can view the account activity and security activity page. The account activity page will show you recent access to your Gmail account with time and location, and the security activity page will show recent security changes related to logging in.

To view account activity, open Gmail and scroll to the very bottom. You’ll see a Details link here; click on it.


This will open a new window listing the type of device, time, and location of each session that opened Gmail.


To see security activity, go to Google Account Security options and open the Recent security activity option. It will also show the device type and location from where the changes were made.


#5. Check Email Forwarding and Account Access

Gmail has built-in features to allow other accounts to view your emails and even reply to or compose new emails for email efficiency. If someone accesses your account, they can enable these options to access all your emails in the future to steal data and even scam your contacts by impersonating you.

If you are in doubt, take a look at these options. Click on the gear icon at the top-right corner of Gmail and select See all settings. Now move to the Accounts and Import tab and make sure the Check mail from other accounts and Grant access to your account options have no unknown emails allowed.


Afterward, move to Forwarding and POP/IMAP tab and make sure no unknown email forwarding address is added.
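
The same review can be run over settings pulled through the Gmail API. The following is an added example, not code from the original article: the trusted address, the sample responses and the `audit` helper are assumptions made for illustration, and it also checks filters that forward mail, which the steps above do not cover.

```python
# Added example: audit Gmail settings for unexpected forwarding or delegation.
# The dicts are constructed samples shaped like the Gmail API responses of
# getAutoForwarding, forwardingAddresses.list, delegates.list and filters.list.

TRUSTED = {"me.backup@example.org"}  # assumption: addresses you added yourself

SAMPLE = {  # constructed data, not from a real account
    "autoForwarding": {"enabled": True, "emailAddress": "collector@example.net",
                       "disposition": "trash"},
    "forwardingAddresses": {"forwardingAddresses": [
        {"forwardingEmail": "me.backup@example.org", "verificationStatus": "accepted"},
        {"forwardingEmail": "collector@example.net", "verificationStatus": "accepted"},
    ]},
    "delegates": {"delegates": [
        {"delegateEmail": "helper@example.net", "verificationStatus": "pending"},
    ]},
    "filters": {"filter": [
        {"id": "f1", "criteria": {"from": "bank@example.com"},
         "action": {"forward": "collector@example.net", "removeLabelIds": ["INBOX"]}},
        {"id": "f2", "criteria": {"subject": "newsletter"}, "action": {"addLabelIds": ["Label_1"]}},
    ]},
}

def audit(settings, trusted):
    """Return (setting, address, detail) findings for addresses not in trusted."""
    trusted = {a.lower() for a in trusted}
    findings = []

    def check(setting, address, detail):
        # Settings without an address (e.g. a label-only filter) are skipped.
        if address and address.lower() not in trusted:
            findings.append((setting, address, detail))

    fwd = settings.get("autoForwarding", {})
    if fwd.get("enabled"):
        check("auto-forwarding", fwd.get("emailAddress"), fwd.get("disposition", ""))
    for a in settings.get("forwardingAddresses", {}).get("forwardingAddresses", []):
        check("forwarding address", a.get("forwardingEmail"), a.get("verificationStatus", ""))
    for d in settings.get("delegates", {}).get("delegates", []):
        check("delegate", d.get("delegateEmail"), d.get("verificationStatus", ""))
    for f in settings.get("filters", {}).get("filter", []):
        action = f.get("action", {})
        hides = "INBOX" in action.get("removeLabelIds", [])
        check("filter " + f.get("id", "?"), action.get("forward"),
              "skips inbox" if hides else "keeps inbox copy")
    return findings

if __name__ == "__main__":
    for setting, address, detail in audit(SAMPLE, TRUSTED):
        print(f"REVIEW {setting}: {address} ({detail})")
```

Any address it reports that you did not add yourself should be removed in the Gmail settings tabs described above.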


#6. Use Confidential Mode

Gmail’s Confidential mode offers a bunch of ways to share sensitive information with others and make sure only the intended recipient gets the email. It will let you send emails that will expire after a set time, and the recipient won’t be able to copy, download, forward, or print the email.

It can also add a double layer of security by only opening the email if the recipient authenticates it using their phone.

To use Confidential mode, click on the padlock icon at the bottom of the email compose window. A small window will pop up where you can configure security settings and save them to apply to the email.


Gmail Security Add-ons and Extensions

There are a bunch of Chrome extensions and Gmail add-ons that can further improve the security of Gmail accounts and data. If you are concerned about your Gmail account, you should surely get them.

#1. Virtru Email Protection

Think of it as a beefed-up version of Gmail’s Confidential Mode. Virtru encrypts your emails from draft to delivery, so even Google can’t see when you are composing them. Using the new buttons in the compose window, you can disable interaction with the email, set expiry date, watermark attachments, and add protection to attachments even after downloading.


Do keep in mind, though, that this also disables the native email scheduling feature when active.

#2. Avast Online Security & Privacy

Avast Online Security & Privacy has a bunch of features to protect your online activities. However, I am mainly adding it here for its phishing protection and dangerous website alerts. Phishing attacks are one of the most common ways of stealing credentials. As Gmail is the biggest email service, its users are commonly targeted for phishing.


This extension will warn you of any phishing attempts and also warn you about suspicious websites that might try to steal information or download something malicious.

#3. Ugly Email

There are many services that let users track the emails they send, including when they are opened and how often. This is surely a privacy concern but can also be a security issue if you are trying to avoid someone. Ugly Email disables such trackers in all emails; you just need to install the extension.


#4. Password Alert

A simple yet very handy extension by Google for Google account security. Password Alert warns you whenever you enter your Google account (i.e., Gmail account) password anywhere other than the official Google website. This not only protects you from phishing attempts but also discourages using the same password somewhere else.


#5. Retruster Secure

Retruster Secure is a Gmail add-on that works alongside Gmail spam protection to warn about suspicious emails and phishing attempts. It also provides extra details about the email, like originating location and any domains specified.


Gmail Security Tips

Gmail’s built-in security measures and third-party tools aren’t enough to fully secure your account. You need to follow security practices and ensure the device you use to access Gmail is secure as well. Below are some things you can do to minimize the chances of your Gmail account getting hacked or data stolen:

Secure Your Browser

First, make sure you use a reputable browser that offers reliable security features. Google Chrome and Chromium-based browsers have powerful security features that can keep you safe while logging in to Gmail and using it.


You should also go into the browser security settings and enable options that could fortify online protection. You can check out this Google Chrome security guide to get an idea of how to secure your browser.

Secure Your PC

You should also ensure your PC is secure, as hackers can use malicious apps to steal data, such as key-loggers. Usually, using a good antivirus app is more than enough when it comes to the security of your Gmail account. I recommend using Avast One as it not only protects your PC but also your online activity.


If you want to be extra secure, you can try some other apps like network trackers or a VPN.

Remove Unrequired Extensions

Just like with access to your Gmail account, extensions can also have permission to view your Gmail account and even make changes. The ones made with nefarious intent can be a security issue.

You should only install reputable extensions with good ratings and preferably lots of users. Furthermore, only use extensions that you absolutely need and delete or disable the rest. This will also boost overall device performance.

Don’t Open Suspicious Links

Gmail or your security program can only warn you about a malicious webpage; you can still access it if you want. Most phishing attacks succeed not because they go undetected, but because the user thinks that the page was fine to access before, so the warning must be a false positive.


The same goes for warnings on downloaded files, especially if they are zipped files. Don’t take the risk, as simply opening a malware program is enough to get the PC infected.

Use a Password Manager

Considering you are already using a strong password, I am sure you’ll need a password manager to easily log in. However, don’t use your browser’s built-in password manager as it’s protected by the PC password and not as secure. You should get a third-party password manager that offers strong protection.


1Password is great for this purpose as it encrypts all your passwords with a master password and lets you enable 2-step verification for utmost protection.

Ending Words 👨‍💻

At a minimum, you should use a strong password and have 2-step verification enabled with multiple authentication methods. This will at least ensure your account will be very difficult to hack. The rest of the tools and suggestions will ensure the best protection, especially if you use Gmail for work.

You may also explore the best ways to manage multiple Gmail accounts at the same time.

  • Karrar Haider
    For over 9 years, Karrar has been writing about everything Windows and Google with a strict focus on improving security and finding ways to get more out of our devices.