SEXPANDIf you're like us, the keys to your life are kept within Gmail's walls. Make sure they're safe by following a few simple guidelines. The web apps experts at Stack Exchange offer a few must-follow tips.
I have seen lots of horror stories about people who have lost control of their Google account, especially Gmail. How can I prevent the same thing from happening to me? What steps can I take to protect my account before I lose control of it?
See the original question here.
Google Guidelines (Answered by Al E.)
Google offers quite a few tools to help you keep unwanted persons out of your account, but they only work if you activate them.
Keep Your Account Recovery Options Up to Date
Mobile telephone number: If you forget your password, or if there is unusual activity on your account, Google can send you a security code via SMS for you to prove you are who you say you are. If someone has your account password it's quite unlikely they've also got your mobile phone. Google will only use your number for security purposes. Important: Keep this up to date! This won't be of much use if Google sends security codes to a phone number you no longer use.
Recovery email address: Similar to the mobile phone number, this is a different email address where Google will send security codes and other important security messages, like when you've forgotten your username and/or your password. If you don't have a second email address, you can always use the email address of someone you trust (like a spouse).
Alternative email address: This is different from the recovery email address in that this is a second address that you can use to sign in to your Google account. It also cannot be a Gmail account or an address that's associated with a different Google account.
This may be the single best way to protect your account. When you log in from an untrusted device, you'll be prompted not only for your password but also for a six-digit code sent to you that's unique for your device. Even if someone has your password, if they don't have access to your secondary device where your code is sent, then they can't complete the login.
In case of emergency (if you've lost your phone or its battery dies), you can also generate a list of ten one-use codes that you can print out and keep in a safe place to use when accessing Gmail from a previously untrusted device. Notice, that "two-step verification" is not necessarily the same as "two-factor authentication," which can be even tougher to crack.
Use a Strong, Unique Password
There are lots of places to get advice on how to create a strong password online, so I won't belabor it again here. Just as important, however, is to never use the password for your Google account anywhere else. Every month it seems there's news of a site that has had user credentials stolen. While you may not care about the data that was on that site, since so many people re-use passwords that's where the value lies for the bad guys.
Think about it: If you forget the password to your bank account, where does the reset password link get sent? Your email address. The password for your email should be the strongest of all.
Set Gmail to Always Use HTTPS (SSL)
Unless there is a technical reason not to, you should have Gmail set to always use a secure connection (HTTPS). This setting is found under Settings > General > Browser Connection.
When Using a Shared/Public Computer...
Use "private" or "incognito" mode in the browser: These modes (available in most modern browsers) prevent the storage of web history, form data, or cookies. If you can't use this mode, be sure to clear history and cookies after you log out.
Log out from your account when you're done: This should go without saying, but people forget.
Don't Fall for Phishing Attempts
No site should be asking you for your Google Account password except Google. Don't enter your password on any page you reach after following a link, even from someone you trust. Go straight to https://www.gmail.com or https://accounts.google.com/ServiceLogin instead.
Keep Your System Secure and Up-to-Date
Keep up with OS and browser updates. Make sure you use a trustworthy malware/virus scanner and keep it up to date as well.
Disagree with an answer above? Leave your own answer or submit a comment at the original question. See more questions like it at Web Apps Stack Exchange, a question and answer site power users of web applications. And if you've got your own web app problem that requires a solution, ask a question. You'll get an answer. (And it's free.)