Some of you might be aware of the flurry which took over the blogosphere for a few days after the MakeUseOf blog broke the story about a Gmail vulnerability which led to the hijack of its domain by a hacker (cracker, to be more specific).
As many blogs discussed this matter and speculated on Gmail’s security features, Google finally reacted and mentioned that it wasn’t due to Gmail, but due to a phishing scam.
Although I don’t agree with Google’s argument, as you can see in this comment thread at Lifehacker, the fact remains that like most web workers, I love Gmail and I can’t even think of using any other email application.
Keeping that in mind, it’s important to take every preventive measure possible to avoid any compromise of your Gmail account. Here are a few tips for Gmail users who are concerned about security. Note that most of these tips are recommended by Google itself and hence are extremely important.
Always Use HTTPS
This is a very important security feature introduced by the Gmail team recently and every Gmail user must know it. In Gmail, go to “Settings” and under the “General” tab in “Browser Connection” click “Always use https”. Then click save. That’s it! Such a simple step could add an extra layer of security to your Gmail account.
Check Your Filters Regularly
All the Gmail vulnerabilities which have been reported so far involve the setting up of malicious filters and email auto-forwarding. Hence you should check them regularly in your Gmail settings and make sure that you don’t see anything suspicious there.
Check For HTTPS
Yes, no matter where you log in to your Gmail, make sure the URL in the browser address bar starts with https:// and not http://. As Google says, “we recommend you only ever enter your Gmail sign-in credentials to web addresses starting with https://www.google.com/accounts, and never click-through any warnings your browser may raise about certificates.”
Don’t Use Gmail In Browser (Only If You Want To Be Extremely Cautious)
This would be a tip for those who are really concerned and can do without Gmail’s web interface. Since most of the security issues reported so far are browser based, you might just want to avoid opening Gmail in a browser completely and instead, access it through IMAP or POP.
I personally don’t do it because I am addicted to Gmail’s web interface. 🙂
Don’t Disclose Your Password
Sounds simple, doesn’t it? Believe it or not, this is a major reason why email accounts are compromised. I’ll give you an example. Are you on sites like LinkedIn, MySpace or Facebook? If yes, then you probably know about their friend finder feature where you can enter your Gmail account and password and they check your contacts list and let you know if your friends are on the respective services. Well, when it comes to such reputable sites you could trust them, but don’t just start doing this on every other site.
Also, beware of emails which ask you for your Gmail account credentials. Gmail would never ask you for that, so you can be sure that they are phishing emails which you need to stay away from.
This isn’t a security tip but certainly a very important thing to do if Gmail serves as your primary email account. I mentioned a few tips to back up your email in my previous post on important backup strategies for your PC. There’s another great way to back it up using Thunderbird along with some extensions, as Lifehacker mentions here.