ESET Tech Tip
By Randy Abrams, Director of Technical Education, Cyber Threat Analysis Center, ESET LLC
If you use web mail and are concerned about your account getting hijacked, Gmail offers more protection than providers such as Yahoo, Windows Live, and even most ISPs.
By default, Gmail sends email encrypted, unless you have had your account for several years, in which case you need to turn on the encryption yourself. If the email is not encrypted, a person sitting in the coffee shop with you can use free software to read your web-based email.
In recent years a number of email and social networking accounts have been hijacked. In some cases this is done by guessing poor passwords, but more often it is the result of phishing attacks that trick users into providing their user name and password. If your computer is infected, it is also possible for malicious software to capture the information as you enter it. To combat account hijacking, Gmail offers two-step verification for users. It can be a little tricky to figure out how to turn it on, but if you want more security it is worth doing.
When you log into Gmail on the web, there is a link titled “Settings” in the upper right-hand corner. Click on “Settings” and then click on “Accounts and Imports”. From here, choose “Other Google Account settings” from the “Change account settings” section. This will open a new tab or browser instance titled “My Account”. Under personal settings there is a link titled “Using 2-step verification”.
Once you set up 2-step verification, a special code will be sent to your phone any time you try to log into Gmail. You can choose to use a different code each time you log in or save the code on your computer for 30 days. Two-step verification takes a little more effort to use, but it makes it much harder for anyone to get into your email account.
To make sure your Gmail is encrypted, go to the settings page. On the “General” tab there is a section called “Browser Connection”. Make sure you have selected “Always use https”.
If you have any questions about this or any other general security questions, feel free to email me at firstname.lastname@example.org.