Like all of your Internet activity, it is important to take all available precautions to make sure your email account is secure as possible. Recent malware and phishing scams have affected some Gmail users, and while this is not indicative of security problems with Gmail itself, it is a reminder that Gmail users should check their settings to make sure their Gmail accounts are as secure as possible. Here are a few ways you can make your Gmail account more secure:
Enable 2-step verification. This security feature uses a phone and a second password on sign-in, adding a second layer of security by requiring you to have access to your phone in addition to your username and password. This Gmail feature prevents someone who has guessed or stolen your password from logging into your account without also having your phone. To set up 2-step verification, go to your account settings page and look for the “Using 2-step verification” link under Security, and then click the link to start the setup process. To use the 2-step verification using Gmail (or any other Google product), log in with your username and password. You will then be prompted to enter the verification code, which you will get from your phone. (Google notes that you will only have to do this once every 30 days if you choose.) Non-browser applications and devices that use your Google account will stop working soon after you turn on 2-step verification, and you will need to sign in using your username and a special password you generate for this app (but only once for each device).
Use a strong password. Creating a password that is long and includes special characters will help keep your Gmail account more secure. According to research by Thomas Baekda, the complexity of a password determines its security and ability to be compromised by hacking. If your password takes too long to try to hack, it is a secure password, and factors like network latency, bandwidth, and server speeds limit the number of requests a hacker can make on your password. To make a password that is complex but also hard for others to guess, Baekda suggests using a three-word phrase separated by a special character — such as a space — between the words. You should aim for something easy to remember and use less-than-common words, such as the example Baekdal provides: “fluffy is puffy.” This phrase would make a secure password as a hacker would need much more than a common word dictionary to crack this password, while you actually can still remember the password.
Additionally, only sign into to Google at a proper sign-in prompt like https://www.google.com. Google notes that it will never ask you to email your password to Google. Also, Google suggests checking your Gmail settings for suspicious forwarding addresses or delegated accounts to make sure your account has not been compromised.