Given the recent press around the hacking of Mat Honan’s Gmail account, Gmail security is top of mind. Honan is a former senior reporter for Gizmodo and now a writer for Wired. In this three-part article we address challenges around email security, including a look at specialized Gmail settings and best practices to keep your email secure.
Giving someone keys to your email account – voluntarily or involuntarily – is equivalent to giving them keys to commit identity theft. These days we get everything emailed to us – receipts for purchases, credit card and bank account statements and loan documents. It’s unquestionably worth investing time to make sure your work area is secure.
Think of your access to email in three layers: the computer you’re using, the email application itself, and your habits while online. The sum of these three layers is your overall Gmail security level; a weakness at any point can zero out the whole equation. We’ll dissect each Gmail access layer and point out possible security pitfalls.
Part One: Your Computer
It makes sense to start with securing your computer since that’s the foundation of Gmail access. The first order of business is to check for updates to the computer’s operating system (OS) – which for most users is either Microsoft Windows or Apple OS X.
In Microsoft Windows, click Start > All Programs > Windows Update. In the window that comes up, click the Check For Updates link (you’ll need to be online to do this). Windows Update will find and automatically select the most important updates; all you have to do is click install and possibly restart when it’s finished.
In Mac OS X, click the Apple menu > Software Update. This will open the App Store and display a list of available updates; click Update All to begin the process.
It’s of vital importance to keep your operating system up-to-date; the OS controls all Internet communication on your computer. Any vulnerability there will affect all of your online interaction!
Next let’s check if your web browser is up-to-date; this is almost as important as the OS since the browser is the one processing all the Internet traffic, Gmail included.
Internet Explorer: patches for Internet Explorer will automatically be applied with Windows Update (see above).
Firefox: open Firefox and click the Firefox button at the top. Mouse over Help and click About Firefox; it will check for updates and start the download. Click the Apply Update button when it shows up.
Google Chrome: Click the wrench icon to the right of the address bar and then About Google Chrome; it will automatically check for and apply updates.
Apple Safari: for OS X users, updates will be applied by using Software Update for the OS. For Windows users, launch Apple Software Update (Start > All Programs > Apple Software Update) to begin the process.
The last step to secure your computer is to make sure anti-virus software, such as Norton or McAfee, is installed. If you don’t already have anti-virus, Microsoft Security Essentials is free and a solid alternative to paid solutions for Windows users. Keep in mind this software is a last line of defense; it will deal with any malicious software that gets through your OS and browser.
Part Two: Change Gmail and Google Account Settings
You can set up two-step verification on your Google Account to go beyond simple password security. You’ll have to enter not only a password but also a code sent to your phone by Google in order to access your account. This means someone trying to hack your Gmail account will need not only your password but also your phone to get in. It’s a no-brainer to set this up. Google provides a two-step verification walkthrough.
Another important setting pertaining to Gmail itself is the use of a secure, or SSL, connection. An SSL connection encrypts the data going out of and coming into your computer. This means the data is unreadable even if intercepted; it can only be decrypted by your computer and the server on the other end.
Log in to Gmail and click the gear icon on the right side of the screen; then click Settings. The fifth category down is Browser Connection; select Always Use HTTPS. Then scroll down and click the Save Changes button.
Part Three: Good Practices to Stay Safe
You can defeat all of the above security precautions if you get up and walk away from your computer without locking it or, at the very least, signing out of Gmail. This is especially true of computers other than your own in public places, such as hotels.
Tip: on public computers, make use of a web browser’s privacy mode. Press Ctrl + Shift + P to enable privacy mode in Internet Explorer and Firefox; in Google Chrome, press Ctrl + Shift + N; in Apple Safari click the gear icon and then Private Browsing (or in Mac OS X, choose Safari > Private Browsing). The browser won’t remember any history or passwords in private mode. Remember to close the browser though!
The last area we’ll address concerns passwords. Even if you don’t write them down it’s still possible for someone to guess your password. The solution is changing your password often – and making it something hard to guess! Your pet’s name is not acceptable. Ideally make the password a phrase instead of a single word; include lower and upper case letters, at least one number and a special symbol such as an exclamation point. “1 L0ve to Re@d!” is a good example.
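The criteria in the paragraph above can be written as a small checker. This is an added example, not part of the original article; the leetspeak table, the `personal_terms` parameter and the pet name "Rex" are assumptions constructed for illustration, used to catch a pet's name hidden behind character swaps.

```python
import re

# Character swaps undone before looking for personal terms (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _letters_only(text):
    """Lower-case, undo common swaps, and keep only a-z for comparison."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_passphrase(candidate, personal_terms=()):
    """Return the article's criteria that `candidate` fails (empty list = passes)."""
    problems = []
    if len(candidate.split()) < 2:
        problems.append("use a phrase, not a single word")
    if not re.search(r"[a-z]", candidate):
        problems.append("add a lower-case letter")
    if not re.search(r"[A-Z]", candidate):
        problems.append("add an upper-case letter")
    if not re.search(r"\d", candidate):
        problems.append("add at least one number")
    if not re.search(r"[^A-Za-z0-9\s]", candidate):
        problems.append("add a special symbol")
    # Composition rules alone do not stop a guessable name such as a pet's,
    # so compare against caller-supplied personal terms after normalising.
    normalized = _letters_only(candidate)
    for term in personal_terms:
        needle = _letters_only(term)
        if needle and needle in normalized:
            problems.append(f"contains guessable personal term: {term}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "Rex" stands in for a pet's name.
    for pw in ["1 L0ve to Re@d!", "R3x2012", "My d0g R3x rocks!"]:
        print(repr(pw), check_passphrase(pw, personal_terms=("Rex",)))
```

The third sample meets every composition rule yet is still flagged, which is why the pet's-name check is separate from the character-class checks.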
The tips in this article aren’t once-and-done tasks – it’s necessary to rinse and repeat to keep your Gmail security at its best. Check for software updates on a regular basis, change your passwords, and please never get up from your computer without signing out of Gmail or locking your computer. Letting someone voluntarily or involuntarily have access to your email is equivalent to giving them a license to commit identity theft!