A couple of friends have recently had security scares with their Gmail accounts where they were worried that their accounts might have been hacked. I was emailing one of them about how to make sure that your account is safe, and I realized it might be handy to post this on my blog as well.
Here’s the email that I just wrote to a friend:
Here’s what I’d do:
- change your password (make sure the address bar shows a real google.com address such as accounts.google.com, and not a lookalike, before you type anything; fake password-change pages are a common phishing trick). Pick a password you don't use on any other site.
- check for any strange activity. In Gmail, go to the bottom right and look for a message that looks like “Last account activity: 30 minutes ago. Open in 1 other location” and click on the “Details” link. Look for any unusual logins, for example logins from countries that you haven’t been in recently, and use the “Sign out all other web sessions” button on that page to kick out anyone else who is signed in.
- Also check for weird forwarding rules. If hackers get into your Gmail, sometimes they’ll create a rule that forwards all your email to them, often combined with deleting or archiving the message so you don’t notice. To check your filtering rules, in Gmail click on the gear icon in the top right, then select Settings from the drop down. Click on the link for “Filters” (called “Filters and Blocked Addresses” in newer versions of Gmail) and just check whether there are any rules that look suspicious to you. Forwarding can also be turned on for the whole account under the “Forwarding and POP/IMAP” tab, so check that tab as well.
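If you have more than a handful of filters, eyeballing them is error-prone. Gmail lets you export all filters as an XML file (on the Filters page, tick the filters and choose Export). The script below is an added example, not part of the original post; it parses that export and flags the two things an attacker typically leaves behind: a filter that forwards mail somewhere, and a filter that archives, trashes or marks-as-read messages that look like security notices. The sample feed is constructed for the example; the property names (`forwardTo`, `shouldArchive`, `shouldTrash`, `shouldMarkAsRead`, `from`, `subject`, `hasTheWord`) follow Gmail's filter export format, and the keyword list is a guess at what is worth hiding, not anything Gmail defines.

```python
"""Audit a Gmail filter export (Settings -> Filters -> Export) for
account-takeover leftovers. Added example, not from the original post."""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Filter actions that keep a message out of the owner's sight.
HIDING_ACTIONS = ("shouldArchive", "shouldTrash", "shouldMarkAsRead")
# Words an attacker would want to hide (assumed list, not from Gmail).
SENSITIVE_WORDS = ("password", "security", "verification", "sign-in")
# Criteria properties a filter can match on.
CRITERIA = ("from", "to", "subject", "hasTheWord")

# Constructed sample export: one harmless newsletter filter, one filter that
# forwards everything to an outside address, one that buries security alerts.
SAMPLE_XML = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='in:anywhere'/>
    <apps:property name='forwardTo' value='attacker@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <apps:property name='from' value='no-reply@accounts.google.com'/>
    <apps:property name='subject' value='Security alert'/>
    <apps:property name='shouldTrash' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one dict per <entry>, mapping apps:property name -> value."""
    root = ET.fromstring(xml_text)
    return [
        {p.get("name"): p.get("value") for p in entry.iter(APPS + "property")}
        for entry in root.iter(ATOM + "entry")
    ]


def describe_match(props):
    """Human-readable summary of what a filter matches on."""
    parts = [f"{k}={props[k]!r}" for k in CRITERIA if k in props]
    return ", ".join(parts) or "(no criteria)"


def audit_filters(filters):
    """Return (index, match_description, [reasons]) for suspicious filters."""
    findings = []
    for i, f in enumerate(filters):
        reasons = []
        if f.get("forwardTo"):
            reasons.append("forwards mail to " + f["forwardTo"])
        hiding = [a for a in HIDING_ACTIONS if f.get(a) == "true"]
        if hiding:
            criteria = " ".join(f.get(k, "") for k in CRITERIA).lower()
            if any(w in criteria for w in SENSITIVE_WORDS):
                reasons.append("hides security-related mail via " + ", ".join(hiding))
        if reasons:
            findings.append((i, describe_match(f), reasons))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    for idx, match, reasons in audit_filters(parse_filters(text)):
        print(f"filter #{idx} [{match}]: " + "; ".join(reasons))
```

Run it with the path to your exported `mailFilters.xml` (or with no argument to see it work on the built-in sample). Treat every forward it reports as something to explain, even to an address you recognise: an attacker who already has your password can add any address. Note that the export only covers filters; account-wide forwarding from the “Forwarding and POP/IMAP” tab has to be checked by hand.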
In an ideal world, you’d turn on two-factor authentication as described at https://support.google.com/accounts/answer/180744?hl=en . It’s more hassle to use two-factor authentication, but it makes your account much more secure against being hacked: someone who steals or guesses your password still can’t get in without the second factor.
I’m a big fan of two-factor authentication, but I realize that casual users might not want to turn it on. My take is that it’s a lot better to set up two-factor authentication than worry about a hacked account.