How To Protect and Recover a Hacked Gmail Account

Despite all the recent issues regarding the NSA and users’ data privacy, Gmail is still one of the best email services available. It is free, has (nearly) unlimited storage, is reliable and is usually safe. The problem comes when someone else gets into your account.

Whether the cause is a stolen password or a targeted attack, no service or account is one hundred percent safe, and Gmail is no different. It does, however, offer some important security features that can keep your account from being taken over, and that help you get it back if it is.

[Screenshot: Gmail 2-step verification settings]

Two-factor authentication (Google calls it 2-step verification) is a relatively new login method that is rapidly becoming popular. As the name implies, it has two steps: first you enter your password as usual, and then you have to enter a short code that only your phone can supply, either sent to it as a text message or generated on it by the Google Authenticator app. The app computes the code locally from a secret shared with Google when you set it up, so nothing has to be sent to the phone at login time. A stolen password alone is therefore no longer enough to get in.

Gmail provides this feature, so you should definitely turn it on. You can choose whether to require the second step every time you log in or to mark a given computer as trusted, which skips the second step on that computer. Only do that for a computer you alone use: anyone with access to a trusted machine gets in without the code.

[Screenshot: Gmail recovery email address setting]

When creating a new Gmail account, you are asked to provide a “recovery email address.” It can be used to reset a forgotten password, and it also acts as an alarm: Google sends a message to it whenever the main account’s password is changed.

This second scenario happened to me and caught my attention: I received an email at the recovery address warning me that the password of my main Gmail account had been changed. I immediately knew something was wrong, since I had not changed it. Even though the hacker controlled my Gmail for a short while, I managed to recover the account by resetting the password through the recovery email address.

[Screenshot: Gmail phone verification code prompt]

During registration, Google also asks for a phone number to use for password recovery. When you try to recover your password, Google sends a (free) text message with a code to that number, which you have to enter into Gmail, as in the screenshot above. Keep both the recovery address and the phone number up to date, and guard the recovery mailbox as carefully as the main account: whoever controls it can reset your Gmail password.

If the code is correct, you are taken to a page where the account’s password is reset and you can set an entirely new one. Afterwards, check that the recovery address and phone number on the account are still yours, since an intruder who had the password may have changed them.

[Image: passwords]

We have been using passwords the wrong way. That’s right: we have been choosing passwords that are hard for humans to remember but easy for computers to guess. For example, an article by Baekdal argues that the password “this is fun” (with the spaces as part of the password) is safer than “s$yK0d*p!r3l09ls“. That comparison assumes an attacker who can only try a limited number of guesses per second against the login form; against an offline attack on a leaked password hash, a phrase of three common words is within reach of a dictionary attack. Long passwords are only useful if you can remember them, which is the point of xkcd’s method: pick several common words at random, then link them with a mental image or story so that the odd combination sticks.

[Image: xkcd comic “Password Strength”]

If you want to use this method, use the xkcd Password Generator, which will generate a four-word password. According to How Secure Is My Password?, it would take 48 quintillion (48 followed by 18 zeroes) years for a desktop PC to crack the password shown in the xkcd comic strip. Treat that figure as an upper bound: it assumes the attacker has to try every combination of characters, whereas an attacker who knows you used four dictionary words only has to try combinations of words. The comic itself estimates about 44 bits of entropy for a four-word phrase, or roughly 550 years at 1,000 guesses per second, which is still far better than a short password with substitutions.
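To make the comparison concrete, here is an added example (not from the article, Baekdal or xkcd) that generates a four-word passphrase with a cryptographically secure random source and computes the search effort for an attacker who knows the method, next to what a character-class strength meter such as How Secure Is My Password? assumes. The word list is a constructed 32-word stand-in; the 2048-word list size and the 1,000 guesses per second are the figures the xkcd comic uses, the 10 billion guesses per second offline rate is an assumed ballpark for cracking a leaked fast hash, and the 26/26/10/33 class sizes in the naive estimator are an assumption of this example.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in word list (32 words = 5 bits per word). A real generator uses a list of
# a few thousand words, e.g. the 2048-word list (11 bits per word) assumed by the xkcd comic.
SAMPLE_WORDS = (
    "correct horse battery staple apple river stone cloud "
    "window candle forest silver paper garden marble copper "
    "orange violet summer winter anchor basket cactus dragon "
    "eagle falcon guitar hammer island jacket kettle lantern"
).split()


def passphrase(words, n_words=4):
    """xkcd-style passphrase: n_words drawn independently and uniformly with a CSPRNG.
    Choosing the words yourself (or by a 'memorable' rule) destroys the uniformity
    that the entropy figure below relies on."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(list_size, n_words):
    """Entropy of the phrase against an attacker who knows the list and the method."""
    return n_words * math.log2(list_size)


def naive_charset_bits(password):
    """What a character-class strength meter assumes: each position is an independent uniform
    draw from the union of the character classes present. Class sizes (26 + 26 + 10 + 33) are
    the usual printable-ASCII split and an assumption of this example."""
    if not password:
        return 0.0
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 33
    return len(password) * math.log2(alphabet)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try the whole space; the expected time to hit the right one is half of this."""
    return 2 ** bits / guesses_per_second


def years_to_exhaust(bits, guesses_per_second):
    return seconds_to_exhaust(bits, guesses_per_second) / SECONDS_PER_YEAR


if __name__ == "__main__":
    phrase = "correct horse battery staple"
    print("sample phrase from the stand-in list:", passphrase(SAMPLE_WORDS))
    print(f"dictionary-aware, 2048-word list: {passphrase_bits(2048, 4):.0f} bits")
    print(f"  online, 1000 guesses/s : {years_to_exhaust(44, 1_000):.0f} years")
    print(f"  offline, 1e10 guesses/s: {seconds_to_exhaust(44, 1e10) / 60:.0f} minutes")
    print(f"character-class estimate for {phrase!r}: {naive_charset_bits(phrase):.0f} bits")
    print(f"character-class estimate for 'Tr0ub4dor&3': {naive_charset_bits('Tr0ub4dor&3'):.0f} bits")
```

The two estimates differ by more than a hundred bits for the same phrase, which is where the quintillion-year figures come from. The dictionary-aware number is the one that matters, and it also shows the limit of the method: 44 bits holds up against throttled online guessing but falls in under an hour to an offline attack on a fast hash, so the passphrase should be unique to the account and paired with two-factor authentication rather than relied on alone.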

Do you find this advice useful? Let us know in the comments.