Tip / howto: Using your gmail account securely

 
Note that these tips are mostly outdated


back to notes and tips index

Try my online puzzle page with Calcudoku, Killer Sudoku and online Sudoku.

Using your gmail account securely

Here are some notes on keeping your gmail account secure. These also apply to all you Windows and Mac users out there.

Google already has an informative page on keeping your gmail account secure, which I comment on below. After that there are some added notes for the truly paranoid :-)

First, a run-down of Google's recommendations:

  • check for viruses and malware
    Absolutely. Some nice free products: Avast antivirus, Zone-Alarm firewall, and Ad-Aware anti spyware software. The best option is, of course, to use a Mac or Linux and not bother with virus scanners and such
  • change your password at least twice a year
    This is a bit arbitrary. I change my password only after I am forced to access my gmail account from someone else's Windows PC (some more on that below)
  • perform regular OS and browser updates
    Yes again. On Windows, turn on automatic updates. On any OS, use the Firefox browser (or Opera or Safari). Under no circumstance use Internet Explorer
  • never use your google account password on another website
    "See which of your gmail contacts are already on LinkedIn", etc.
    Never ever do this, never type in your gmail password in a different website
  • protect your password
    The header doesn't really cover the advice on Google's page. Never send any password via e-mail. In general, if you register on a site, and it sends you your username and password via e-mail, you can assume your login to that site is compromised
  • update your secondary email address and your security question
    Yes, and ideally pick your own question for the security question. Obviously, do not use questions like "What is your mother's maiden name"
  • use a secure connection when signing in
    I don't know why Google doesn't make this the default setting. To set the connection to always secure (encrypted): click on "Settings" (top right), and under the "General" tab, at "Browser connection", select "Always use https". Then click the "Save Changes" button at the bottom

Some more advice:

  • pick a secure password and write it down
    Pick a combination of random numbers, letters, and at least one symbol (!,-, etc.). For the letters you could pick a short, easy to remember sentence, and use the first letter of each word. Also, there's nothing wrong with writing down the password in an inconspicuous place (somewhere in an address book, for example)
  • never access your gmail on someone else's Windows PC
    And especially never access your gmail in an Internet café. If you think I'm exaggerating, work on an Internet café PC for 15 minutes with a USB stick in the PC. Back home, run a virus scanner on the stick. If you really must access your account on such a PC, do the following:
    • open notepad (Start → Run → notepad)
    • type a lot of random letters, numbers, and symbols into notepad (making sure they contain those of your password)
    • copy and paste the characters of your password one by one, mixing it with occasionally actually typing a password character (yes, there is spyware that also monitors the copy+paste buffer, unfortunately)
    As soon as you're back on a trusted computer, change your gmail password
  • never send login information via e-mail
    Always use a secondary channel if you have to send passwords (for example, the phone, skype, etc.). Do not use a regular chat program for sending login information, unless it has an "encryption" option and you're sure it is enabled
  • use gmail
    Finally, use gmail for your e-mail instead of webmail from companies with appalling security records (e.g. hotmail) :-). Always access gmail using a bookmark, or by typing mail.google.com in your browser's address bar (if you forget, you could search Google for "gmail" :-)


← back to notes and tips index
Please do not copy the text of this tip (© Patrick Min) to your web site.