I was just thinking about passwords and security the other day, and I got a little electric jolt.
“What if my Gmail accounts got hacked?
How in the world would I get them back?”
My accounts are my identity and lifeblood online.
If they got hacked, I’d have to call Google, for sure... but how would they know it’s me and not someone posing as me?
They’d need personal information, right?
So here’s the MINIMUM of what you should do with your Gmail account.
There is much more of course, like having all your emails copied over to another email address for safekeeping, but here are some quick essentials.
It takes about half an hour for each email account, and 20 minutes thereafter as you start to get quicker at it.
1. Associate a phone number with your Google Account
If you use Gmail and don’t know how to get to your Google Account:
Settings (Top Right) > Accounts and Import > Google Account Settings (At the bottom)
Select: Password Recovery Options
Enter a mobile phone number so that a password-reset code gets sent to your cellphone as an SMS text.
This way, any time someone tries to reset your password (and it isn’t you), you will get texted.
2. Set up another Gmail account JUST for a password reset
I had to do this for all my email addresses.
You can name it something similar so you remember it.
So if you have an email address called: ilovegmail@gmail.com
Then name your password reset Gmail account as: ilovegmailpasswordreset@gmail.com
Or something to that effect.
What to remember:
DO NOT use this email address for anything else.
Give it an entirely different password.
For each email address that was a password reset one, I gave them each a different password from the rest.
Just log into it once in a while, manually with a wired internet cable to keep it fresh, but leave it be.
Do not forward those emails from your Password Reset account to your regular account. It just defeats the purpose of having it there.
Set up in your Google Calendar a reminder to log in every 3 – 8 months so you don’t miss the deadlines and your account won’t be deleted.
Note: It’s really 9 consecutive months, but I like leaving a month out just to be sure.
3. Write down these 4 important bits of information:
This is just in case you need to call Google and they will have to verify you are who you say you are.
Your first email ever received
- Sender
- Subject
- Date
- Time
To find your first email do the following:
All Mail (Under Labels) > Oldest > Scroll to the bottom
…And your first email ever sent
- Sender
- Subject
- Date
- Time
Click on Sent Items (Under Labels) > Oldest > Scroll to the bottom
Your list of personal Labels
If you use this function, you probably have something like:
- Friends
- Work
- Family
- Project A
- Event B
Write them all down, and keep them safe just in case something happens. Google will want that info.
Your top 20 contacts
Click on Contacts (On the right) > Export (Upper right of the box) > Select: Most Contacted
And export it in whatever format you’d like.
Re-label it, and store it in a safe place so you can refer back to it just in case you need to.
4. Don’t record questions or answers that are easy to find out
Such as mom’s maiden name, your high school, first pet, favourite colour… you get the drift.
Pick something totally, utterly random and obscure, WRITE YOUR OWN QUESTION, and make sure that only you would know what you are referencing.
Examples of Random “Write your own Questions”
- Colour of that sweatshirt I stole from Linda the night we both fell in the pond
- Place where I danced to the tune of that old Audrey Hepburn movie I like
TOTALLY RANDOM things.
5. Do the same info recording for your other Google Accounts
Most notably Feedburner, Adsense, Orkut...
Anything that is linked to your Google Account in some way, that you will need to verify.
Write down specific information from each account and store it.
6. Set your Gmail to always use https
Click on Settings > Always use HTTPS and Save.
It’s a secure connection, and it may take you longer to navigate and use Gmail, but it is well worth it.
7. Check out your Activity Details Log at the very bottom of your Gmail screen
See what IP addresses are accessing your mail.
Click on Details and a window will pop up:
The window should only show ONE IP address — yours.
(Not my IP address shown below)
Passwords can be hacked, but don’t be an easy target
Remember: do not use passwords like “God” or “password” or “qwerty”.
They are easily hacked and guessed.
Do a twisted combination of UPPERCASE, lowercase, numbers, and symbols if you can.
If you have a hard time remembering passwords, think of a sentence that means something to you, and take the first letter of each word, and substitute words like “for” or “to” with numbers instead.
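The sentence method above, worked through in Python as an added example (not code from the original post). The function names, the extra "too" substitution and the sample sentence are assumptions made for illustration; the check reports which of the four character types listed above are still missing.

```python
import re
import string

# Substitutions the post suggests ("for" and "to" become numbers).
# "too" is an added assumption along the same lines.
NUMBER_WORDS = {"for": "4", "to": "2", "too": "2"}

# The weak examples the post names, compared without regard to case.
NAMED_WEAK = {"god", "password", "qwerty"}

# A token is either a word (apostrophes allowed inside) or one punctuation mark.
TOKEN = re.compile(r"\w+(?:['’]\w+)*|[^\w\s]")

# Constructed sample sentence; pick one that means something only to you.
SAMPLE_SENTENCE = "My sister moved to Montreal for three years, and I visited twice!"


def sentence_to_password(sentence):
    """Keep the first character of each word, swap number-words for digits,
    and carry punctuation over as the symbols."""
    out = []
    for token in TOKEN.findall(sentence):
        # A punctuation token is one character long, so token[0] is the
        # whole mark; for a word it is the first letter, capitalisation kept.
        out.append(NUMBER_WORDS.get(token.lower(), token[0]))
    return "".join(out)


def missing_classes(password):
    """Return which of UPPERCASE, lowercase, numbers, symbols are absent."""
    checks = {
        "UPPERCASE": str.isupper,
        "lowercase": str.islower,
        "numbers": str.isdigit,
        "symbols": lambda c: c in string.punctuation,
    }
    return [name for name, test in checks.items()
            if not any(test(c) for c in password)]


def is_named_weak(password):
    """True for the easily guessed examples listed in the post."""
    return password.lower() in NAMED_WEAK


if __name__ == "__main__":
    pw = sentence_to_password(SAMPLE_SENTENCE)
    print(pw, "missing:", missing_classes(pw), "weak:", is_named_weak(pw))
```

If `missing_classes` returns anything, reword the sentence (add a name, a "for" or "to", or some punctuation) until the list comes back empty.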
Feel like doing more?
Check out these sources for more paranoia:
- Labnol.org: This is where I got most of my wonderful info above.
- Little Miss Moneybags: A wonderful overview of security in general for 2010
Thanks for sharing that. I always tend to think I'm "invincible" but I should probably start protecting my identity as much as I would my SSN and Credit Cards.
P.S. I'm soooooo close to being credit card debt free…I've been inspired by your blog. 😉
I am starting to be a little more paranoid about my info and cards. When anyone asks me my postal code, I decline (marketing purposes), or if they ask me to give a SIN number for identification for something, I go the super long route with passports and all that.
And congratulations on almost being debt free!!
Thank you for this, I'm embarrassed to say I didn't have any of these safety nets in place :/
I didn’t either! But better now than never, or when you’re regretting it.
I have a confession: every time you do a post like this on life organization / technology tips, I bookmark it. I thought using the https setting was enough, but clearly there is so much more we could all do to protect our (online) identities and they aren't difficult things.
Love the dedicated password reset account and the random question.
Aww.. thank you 🙂 That’s so nice to hear that.
I feel like I should do more. I have so much bursting out of my head, but I don’t want to bore people who aren’t very tech-y.
I’ll have to think of others. Maybe a Google Reader primer or something.
Thanks so much for sharing this. I've had to reset my Gmail account once before, I'm not really sure why. I use some of their other applications like Google Documents which contain important information. I would certainly like to protect it as much as I could. I did most of the things you recommended.
Sounds good. I hope you’re super protected
I went overboard with the password on my reset email address. I made it 50 characters long or something wacky like that. Haha!
These are GREAT tips. I'll have to do all of this when I get home tonight. Thank you!!
Any time!
Can you imagine if our accounts got hacked? THE HORROR!
Thanks for the link! You just reminded me that I never did take out and photocopy all my credit cards, so I'm going to do that today!
You are VERY welcome.
I’m mentally going through the rest of my “VIP” accounts and cards, and I think I have it under control now, but the photocopying part has to get done when I am back in Montreal
Excellent post as I know a ton of people in the last few months whose gmail account got hacked. One good thing is that gmail has made the HTTPS feature standard now for every user. This is the main way most people's account gets hacked, when they log into gmail from a public computer, now they will always be logging in via HTTPS.
I don’t really use public computers, but I have had to, on a couple of occasions.
Still, it’s better to be safe than sorry
Great post fb…and very helpful; I didn't know where to start with all this 🙂
I didn’t either, but it’s helpful to know how to protect one of your very most important online IDs