5 Important Gmail Security Tips to Secure Your Account

Gmail security is a big one, seeing as it’s one of the most popular email providers in the world, and there’s a good chance it’s linked to other Google services you use – Drive, Calendar, Google+ – by means of your Google account.

So taking care of your Gmail account and making sure it’s not vulnerable to phishing scams, hackers, and other mishaps is as important as having a lock on your garden door. Here are five suggestions of good practice you should know about to bolster your Gmail security.

Two-Step Verification


The foundation of all account security, two-factor authentication/two-step verification, should ensure that no intruder can access your account, even if they have your password. It does so by sending a code to your phone each time you try to log into your account from a new device.

To switch this on, go to this page, then click “Get Started.” Simply follow the steps, enter your phone number, then enter the verification code when prompted. Once you’ve done that, you’ll have two-step verification enabled.

On the two-step verification homepage you can set up an alternative second step if you like, choosing from the authenticator app, backup codes, and a prompt from Google instead of a texted code.

Track Activity in Gmail Account


If you’re concerned that you have a hacker snooping around in your account (if, for example, emails that you haven’t read are being marked as read), then you should check the activity information on your account to see how and when it’s being accessed.

Open your Gmail inbox, scroll all the way to the bottom of the page, then at the bottom right corner, click “Details.” This will take you through to the Activity Information screen. From here you can see everything about how your account’s being accessed, and at the bottom of the page you have an option to “Show an alert for unusual activity,” which you should select.

If you want to be on the super-safe side, at the top of the screen select the option to “Sign out of all other web sessions” to close Gmail on all devices that may be running it apart from the one you’re using.

Control Authorized Access to Google Account


It’s easy to lose track of all the apps that you allow to access certain information on your Google account, and if you’re not careful there’s a chance you’ve handed over your email information, Google contacts and so on to a dodgy app that’s passing those details onto phishing scammers and spammers.

To manage the apps that have authorized access to your account, go to this page. If there’s anything on there that’s suspicious, or you simply don’t want it accessing your info, click it, and then click “Remove.”

Change Your Password When There’s a Security Breach

Whenever we hear about massive-scale thefts of user account information, such as the PlayStation Network outage in 2011 and the eBay breach in 2014 when 148 million users’ details were compromised, it can all feel distant, like it might not affect us. Probability-wise, that may be so, but are you comfortable knowing that your current login credentials are out there, possibly ready to be used and abused by the highest bidder?

Whenever you hear about a breach like this, even if it’s unverified (such as this apparent sale of Gmail accounts on the Dark Web back in March), err on the side of caution and change your password. And make sure it’s a good password at that, or ideally a randomly generated one using LastPass or a similar tool.

Check Your Settings for Email Forwarding and Delegates


Sometimes a hacker just needs to access your account once in order to continue seeing everything that you do on it. A hacker may have set up a forwarding email address for your important emails, for example, or granted themselves access to read emails on your behalf as a ‘delegate.’

To make sure this skulduggery isn’t happening, go to your Gmail account, click the Settings cog at the top right, then go to “Accounts and Import.” Check that there aren’t any email addresses listed next to the “Grant access to your account” heading, and make sure to select “Mark conversation as read when opened by others” so that it’s easier to spot any illicit activity.

Then, click “Forwarding and POP/IMAP” and make sure there aren’t any forwarding addresses set up on your account. If you do spot any dodgy business here, then as well as removing any email addresses that shouldn’t be there, make sure to change your password immediately.
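The same check can be scripted for anyone reviewing many mailboxes. The Python below is an added example, not part of the original article: it flags forwarding addresses and delegates the owner does not recognise, and goes one step beyond the settings pages above by also flagging filters that forward mail. The sample data and the `TRUSTED` list are constructed, with field names following the Gmail API settings resources and bundled into one dictionary for the demo.

```python
# Added example: flag forwarding, delegate and filter entries the account
# owner does not recognise. SAMPLE is constructed; its parts are shaped like
# Gmail API settings responses, bundled into one dict for this demo.
TRUSTED = {"me.backup@example.org"}  # assumption: addresses the owner set up

SAMPLE = {
    "autoForwarding": {"enabled": True, "emailAddress": "drop@example.net",
                       "disposition": "leaveInInbox"},
    "forwardingAddresses": [
        {"forwardingEmail": "me.backup@example.org", "verificationStatus": "accepted"},
        {"forwardingEmail": "drop@example.net", "verificationStatus": "accepted"},
    ],
    "delegates": [{"delegateEmail": "helper@example.net", "verificationStatus": "pending"}],
    "filter": [
        {"id": "f1", "criteria": {"query": "invoice OR password"},
         "action": {"forward": "drop@example.net", "removeLabelIds": ["UNREAD"]}},
        {"id": "f2", "criteria": {"from": "news@example.com"},
         "action": {"addLabelIds": ["Label_1"]}},
    ],
}


def audit_settings(settings, trusted=TRUSTED):
    """Return (kind, address, detail) tuples for every untrusted access path."""
    trusted = {a.lower() for a in trusted}
    findings = []

    def check(kind, addr, detail):
        # Entries without an address (e.g. a filter that only labels) are skipped.
        if addr and addr.lower() not in trusted:
            findings.append((kind, addr.lower(), detail))

    auto = settings.get("autoForwarding", {})
    if auto.get("enabled"):
        check("auto-forwarding", auto.get("emailAddress"), auto.get("disposition", ""))
    for fwd in settings.get("forwardingAddresses", []):
        check("forwarding-address", fwd.get("forwardingEmail"),
              fwd.get("verificationStatus", ""))
    for d in settings.get("delegates", []):
        check("delegate", d.get("delegateEmail"), d.get("verificationStatus", ""))
    for f in settings.get("filter", []):
        action = f.get("action", {})
        hides = "UNREAD" in action.get("removeLabelIds", [])  # mail arrives already read
        check("filter-forward", action.get("forward"),
              f"filter {f.get('id')}" + (" (marks as read)" if hides else ""))
    return findings

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(*finding, sep=" | ")
```

Any finding is a reason to remove the entry and change the password, as described above.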


These are some of the ways you can ensure your safety on Gmail. There are others too, of course, and it goes without saying that you should never open suspicious emails and definitely never enter your Gmail details after clicking through on an email you’re not sure about.

Robert Zak

Content Manager at Make Tech Easier. Enjoys Android, Windows, and tinkering with retro console emulation to breaking point.


  1. There is only one fly in the ointment. Google may protect your account from hackers but who/what is going to protect your account from Google data gathering?! The best way to protect your email account is to use a service like Proton Mail, not GMail.

    1. @dragonmouth
      I’ve been looking for you to comment somewhere. This isn’t on the subject of gmail but I wanted to let you know I ended up installing pclinux mate desktop 64 bit edition because of your recommendation and you’re not gonna believe this. This is the only linux distro that actually saw and installed all of my hardware including even my mediatek mt7630e wifi chip without me doing anything. And it actually works perfectly and doesn’t disconnect and connect nonstop. Isn’t pclinux the successor to Mandriva Linux? I used to love Mandriva and to me this seems as good if not even better than Mandriva was. Also I was really impressed as to how fast firefox is in pclinux as compared to the other distros. So once again I owe you big time! Thanks again!

      1. Congrats on finding ‘your’ distro. I hope it serves you well. Just be ready for 3-4 updates a week. :-)

        Mageia is the direct successor to Mandrake/Mandriva. PCLOS is a hybrid of Mandrake and Debian. It uses both .RPMs and .DEBs. If you liked Mandrake/Mandriva, you should try ROSA which is a fork of Mandriva.

  2. Track Activity: Open your Gmail inbox, scroll all the way to the bottom of the page, then at the bottom right corner, click “Details.”

    “Not in android”. This is a recurring problem with this site. No thought as to how readers access apps. I only use my Windows laptop once in a blue moon nowadays (security updates and app access not available via android). You really need to make it clear in your articles which OS you’re talking about so readers like me don’t keep wasting time searching for options that simply don’t exist in android.

  3. Gmail is no more secure than a baby is on a playground. I tried Google’s infamous 2-step verification... guess what, I have been locked out of my primary account since July 9th, 2017. I didn’t remove my old phone number before changing it. So now the verification code goes to my old number. Every time I fill out the Account Recovery form... Google’s robot Lily sends me back an email claiming the account isn’t mine. I think this 2-step mess is a scheme designed to gather data from certain users. I have sent Google playstore receipts screen shots, bank info, etc other sensitive info and still they refuse to give my account back. I can only use the mobile app Gmail and Google playstore but can’t use web version of gmail. Any suggestions?
