How To Protect and Recover a Hacked Gmail Account

Despite all the recent issues regarding NSA and users’ data privacy, we all know Gmail to be one of the best email services available at the moment. It is free, has infinite(-ish) storage capacity, is reliable and is usually safe. The problem comes when someone breaks into your account.

Whether we are talking about stolen passwords or hacker attacks, no service or account is one-hundred percent safe. Gmail is no different. However, it offers some very important and useful security features which can prove to be vital and can protect your account from being hacked.

1. Two-Factor Authentication


Two-factor authentication is a somewhat new login method that is rapidly becoming popular. As the name implies, it is based on two steps: first, you input your password in the regular way, and then you enter a code that the service sends to your phone by text message (or that you get via the Google Authenticator app) in order to access your account.

Gmail also provides this feature, so you should definitely activate it in order to improve the security of your account. You can choose whether you want to use the second step each time you log in, or you can mark a given computer as “safe,” therefore sparing the second step for that computer.

2. Recovery Email Address


When creating a new Gmail account, the user is asked to provide a “recovery email address.” This recovery email address can be used to recover forgotten passwords and can also be used as a security system to which an email is sent if the original account’s password is changed.

This second scenario happened to me and caught my attention since I received an email (on the recovery email address) warning me that my password from the main Gmail account had been changed. I immediately realized something was wrong since I didn’t initiate a change of password. Even though the hacker gained control of my Gmail (for a short while), I managed to recover the account by changing the password using the recovery email address method.

3. Phone Recovery


During registration, Google also asks you to provide a phone number to be used for password recovery. When you try to recover your password, Google sends a (free) text message with a code to the provided number, which you have to input into Gmail, just like in the screenshot above.

If the code is correct, you will then be taken to another page where your account’s password is reset and you can set an entirely new one.

4. Use Stronger Passwords


We have been using passwords the wrong way. That’s right: we have been setting passwords that are hard for humans to guess but very easy for computers to crack. For example, an article by Baekdal shows that the password “this is fun” (with spaces as part of the password) is a safer password than “s$yK0d*p!r3l09ls”. The downside of longer passwords is that they are hard to remember – unless you use xkcd’s method, which consists of using several common words but in a not so logical way, yet with some logic so that you can remember them.


If you want to use this method, use the xkcd Password Generator, which will generate a four-word password. According to How Secure Is My Password? it would take 48 quintillion (this is 48 followed by 18 zeroes) years for a desktop PC to crack the password shown in the xkcd comic strip.
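To see where the strength of a multi-word password comes from, here is an added example (not code from this article or from the xkcd Password Generator) that picks words with a cryptographic random source and computes how the search space grows with list size and word count. The 32-word list is constructed for the demo, and the list sizes and guess rates in the printout are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed sample list (32 words) so the block runs offline. A real
# generator draws from a list of thousands of words; this one is demo-only.
WORDS = """apple river cloud stone tiger maple candle pocket window
garden violin rocket pepper harbor meadow falcon button ladder
copper pillow saddle tunnel walnut anchor basket cactus dragon
engine forest guitar hammer island""".split()

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def make_passphrase(words, n_words=4, sep=" "):
    """Pick n_words uniformly at random using the OS CSPRNG."""
    pool = sorted(set(words))  # duplicates would skew the distribution
    if len(pool) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(pool) for _ in range(n_words))


def passphrase_bits(list_size, n_words):
    """Entropy in bits when the attacker knows the list and the method."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample:", make_passphrase(WORDS))
    # Assumed list sizes: the demo list, then 2048 and 7776 words.
    # Assumed rates: a throttled online login vs. offline cracking.
    for size in (len(set(WORDS)), 2048, 7776):
        for n in (4, 6):
            bits = passphrase_bits(size, n)
            print(f"{size:>5} words x {n}: {bits:5.1f} bits, "
                  f"{years_to_exhaust(bits, 1e3):.3g} y at 1e3/s, "
                  f"{years_to_exhaust(bits, 1e10):.3g} y at 1e10/s")
```

The figures hold only when the words are chosen at random; a phrase a person makes up has a much smaller effective search space than the formula suggests.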

Do you find this advice useful? Let us know in the comments.

Diogo Costa

Diogo (@diogocostaweb) is a biologist with a grip on computers and technology. Having run Windows systems all his life, he has a big interest in discovering new apps that increase productivity or simply make things more interesting. He lives in Portugal and has photography and music as main hobbies. He is also the author of the page, a page for short (but useful) computer tweaks and tutorials.
