Saturday, June 1, 2013

Gmail Protection Steps

GMail Protection Steps - If you suspect your GMail account was hacked, or if you want to confirm you have a rock-solid Gmail profile, use these steps. 

If your account were compromised (and you can still get into your account settings), look at these areas for common hacking techniques. 

Related Articles:
If you got a text message "Your Gmail has been hacked" or "Your Gmail account has been compromised," do not bother with the steps in this article; instead see: SMS Message: Your GMail has been Hacked.

1.  Confirm recent Login History

From the main Gmail Inbox, look at the bottom footer.
Click "Last Account Activity: Details".
Confirm the login activity seems reasonable.

Click for Larger View; "X" to return

2.  Confirm Connected Applications and Sites

Make sure hackers have not inserted a new program or site into your Gmail environment.

Open Account Settings
(Click pull-down arrow next to your account-picture (upper-right corner on Gmail main screen),
then choose "Account").

Click left-Nav, "Security"
In "Connected Applications and Sites", click "Review Permissions"
(When prompted, type your password to open the screen)

Confirm all connected sites, apps and services seem reasonable.
Revoke Access if you have doubts.

3.  Check Account Access

a.  From Gmail, click the Gear Icon (upper right corner)
b.  Choose "Settings"
c.  Click top-row tabs, "[Accounts]"

d.  Confirm "Grant Access to Your Account" does not list other Gmail accounts.
e.  Confirm "Mark conversations as read when opened by others"

4. Check Forwarding

a. In the "[Forwarding and POP/IMAP]" tab
    Confirm you are not (auto) forwarding messages to another email address.

b.  In [Filters]
    Confirm there are no unexpected Filters (which can also be used to forward emails)

5.  Enable Google 2-Step Verification

Consider enabling Google's Google's 2-step verification.  With this, your account cannot be hacked -- even if the perpetrator knows your username and password. I have done this myself for better than a year and this is highly recommended.

With two-factor authentication, I login with my normal User-ID and password and then a few seconds later, Google sends a text message to my cell phone.  In a secondary Google login screen, I type the numeric code from the text message.  Only then can I open my account.  This technique works with both smart and non-smart cell phones.

It works like this: 
    Login with something you know (your credentials)
        + something you have (your phone)

The only way to get past this is to kidnap me and my phone.

What if you don't have your phone?  You can't login.  However, when you first engage this service, Google provides a short list of longer emergency codes that only you know.  Print these and file in a drawer should you ever need them. 

Setup Steps:
a.  From your Account Profile (click pull-down next to your Account Picture)
b.  Choose "Accounts"
c.  On left-nav, click "Security"
d.  2-step Verification "Edit"

Details on Google's 2-step verification can be found here: link:  Two-step verification

Related Articles:
SMS Message: Your GMail has been Hacked

Related articles: 
Keyliner Better, Stronger Safer Passwords
Keyliner: Using Google's Two-Factor Authentication
Keyliner:  Your Gmail account has been hacked

Google Account Compromised
Google has these instructions if your account were hacked and the password was changed:

No comments:

Post a Comment

Comments are moderated and published upon review.