Secure your gmail account today
How devastating would it be if your gmail account was hacked? Do you have financial data in there? Could someone who has access to your gmail start changing the passwords to your financial websites? Is your gmail password more than 48 characters?
Having your email account become compromised is probably the worst thing that could happen to you, digitally speaking. It is worth your time and effort to secure your account. Spending an hour securing your account today will prevent you from having to spend many many hours recovering from a hacked account in the future. I’m going to detail some important information for you about how to do this.
Passwords:
Step #1 is very important. You need a good password. If a very recent analysis of the passwords leaked from Sony is any indication you do not have a good password. The easiest way to start fixing this is to install and use LastPass. I will write more about LastPass another time, but it makes it very very simple to mange very complicated passwords. If you don’t want to use that though you need to get a better password. There are lots of good ways to create a strong password, but Steve Gibson at grc.com has some very good ideas about this. You should read this article on Haystack Passwords. It tells you some easy ways to create very secure passwords.
Two Tier Authentication:
If you don’t know what that is let me break it down for you. Your bank probably already uses an example of two tier authentication already. When you log in you enter your username/email and password; that’s tier one. Then you are asked for a second piece of identifying information, such as “What was the name of your first pet”; that’s tier two. Two is better than one right? If someone get’s your password they might get stymied by the second question. It’s like having two locks on your door. Stealing one key doesn’t let you get in. But stealing your keyring might mean that the person gets both keys, so two tier authentication works best when the second form is a completely different kind of security.
Enter Google two-tier authentication. In addition to your password you must also authenticate through a second method. Google currently has 2 options for tier-two authentication: an iphone/android app, and phone SMS. Adding either one of these authentication methods to your account makes your account inaccessible by anyone who does not have access to your phone/mobile device.
Google’s options for two-tier authentication has two benefits: first you get a second level of security in front of your account rather than a single point of failure (weak/compromised password), and second the person who wants to log into your account must have physical access to your phone which is a very high bar to clear. Your spouse or significant other could pull it off but anyone else is probably out of luck. This kind of security makes the likelyhood of your account being compromised virtually non-existent. It doesn’t require you to have a smartphone either, if you don’t have a smartphone you can simply configure Google to send you a SMS message to your phone’s text plan.
For convince you can have Google only ask for your second tier of authentication every 30 days for a given computer. This means that on your primary system you won’t constantly be required to get your phone out to authenticate on Google’s services. This is a perfectly safe practice since Google requires you to re-authenticate anytime you try to change your login information. Google also gives you a couple of one time use passwords to print off, it’s a good idea to print these off and stick them in a desk drawer in case somewhere down the road you lose your phone or any other authentication information.
I urge you, if you use Gmail as your primary email and have other accounts tied to it, turn on two factor authentication right now.