How to secure a Gmail account from hackers—a quick guide

Even the most tech-savvy users can fall victim to cybercrime without proper security measures. Learn how to secure a Gmail account from hackers and avoid this.
Cybercrime is on the rise, and email is the prime vector. In 2022, APWG reported over 1.27 million phishing attacks, the highest number ever recorded by the organization. Hackers are on a constant lookout for new strategies to defraud users, so securing the inbox is crucial to staying safe.
While Gmail isn’t the safest email service on the market, it offers a few options for increasing security levels. This guide will show you how to secure a Gmail account from hackers by implementing the available safety features. You’ll then learn about a more advanced way to keep your correspondence and data safe from all malicious parties.

How to secure your Gmail account

You can reduce the risk of a Gmail account breach by implementing a few simple security practices:
  1. Set strong passwords
  2. Enable two-factor authentication (2FA)
  3. Set up Gmail account recovery
  4. Enroll in the Advanced Protection Program

Protect your account with a strong password

Your password is the first and most important line of defense against cyberattacks. More advanced measures won’t matter much if a hacker can easily guess your login credentials. A simple brute force attack can help them steal your password and take control of your account.
Many people don’t bother with complex passwords when first creating an account. If this applies to you, make sure to review and upgrade the password by following these steps:
  1. Log into your Google account (the same credentials apply to all Google products, including Gmail)
  2. Go to Security in the left-hand menu
  3. Scroll down to the How you sign in to Google section and click Password
  4. Choose your new password and click Change password
When setting a password, follow these tips to ensure it’s strong enough:
  • Combine upper and lowercase letters, numbers, and special characters
  • Don’t use consecutive numbers/letters or common keyboard patterns
  • Avoid using personal information

Turn on two-factor authentication

Two-factor authentication (2FA) gives your account another security layer beyond the login credentials. After logging into Gmail from a new device or location, you’ll be prompted to enter a security code preventing unauthorized access. The account can’t be accessed without the code, so it stays safe in case someone steals your login details.
Google implements several 2FA methods, though two are used the most frequently:
  1. Google prompt sent to a trusted device
  2. Phone number
You can find both options in the aforementioned How you sign in to Google section in the security menu.
Add your trusted device and phone number in the corresponding settings, and Google will start requiring additional verification whenever there’s unusual account activity.
If phone verification doesn’t seem private enough (as you need to leave your number), you can choose between three additional options explained in the following table:
Verification method | What it is
Authenticator app | An app creating the verification code instead of one being sent to your phone number, which gives you more confidentiality
Security keys | Physical security key in the form of a USB drive. You’ll be asked to plug the key into your device to access the account
Passkeys | A form of passwordless authentication involving biometric scanning (fingerprint, face, etc.) or a PIN

Set up account recovery

Even if you follow all the right email security practices, you should prepare yourself for the worst scenario. Cyberattacks can be highly elaborate, so you need a contingency plan and a way of recovering your account if someone takes it over.
Google lets you do this by setting a recovery phone and email address. Both are used to confirm your identity if you need to regain control of your account.
The option to add your recovery details is also available under How you sign in to Google. Note that you’ll need to confirm the phone and email address, so enter the ones you currently use and have access to.
If your account is compromised, visit the Account Recovery page and follow the provided steps. You should regain access after answering the necessary questions and verifying your identity, so make sure to change your login credentials immediately to protect yourself from future attacks.

Sign up for Google’s Advanced Protection Program

Google aims its Advanced Protection Program at activists, journalists, and everyone at risk of targeted attacks. Still, anyone who wants to improve their Gmail account security can join and leverage some additional safety measures.
If you enroll, Google will make two-factor authentication obligatory and provide more thorough file scanning to help you avoid phishing and malware.
There aren’t many security layers besides this, and joining requires a security key you must purchase separately, so the program might not be worth it. It can still be a good idea if you already have the key, but make sure it’s FIDO® compliant so that Google accepts it.

Is Google safe from hackers if you implement the above measures?

Google has suffered numerous security breaches so far, some of which were quite severe. Unfortunately, even the aforementioned security layers might not be enough to protect your data from certain attacks.
This is because many forms of cybercrime aren’t preventable through features you can control, or aren’t even aimed at your account specifically. For instance, you can’t do anything about Gmail’s servers being attacked. Such a breach could result in lots of your sensitive information leaking, as Google is well-known for collecting and storing large amounts of data.
To make the problem worse, Google doesn’t offer adequate protection of stored emails. It uses the TLS (Transport Layer Security) encryption protocol, which only safeguards your messages while they’re traveling to the recipient.
Strong encryption is the cornerstone of email safety, and a lack of it can’t be compensated with surface-level security features. That’s why you need an email provider with end-to-end encryption (E2EE) to ensure your correspondence remains safe and private.

How end-to-end encryption ensures comprehensive email security

End-to-end encryption gives users full control of their data by ensuring only the sender and recipient can see the email’s contents. Each email is encrypted on the user’s device using a key that isn’t shared with the provider, so even they can’t decipher the message.
The plaintext copy of your email won’t be available until it reaches the recipient, who decrypts the message using their private key. This means that even if a hacker intercepts the email, they can’t see its contents.
You can’t get this level of security with Gmail unless you upgrade to a paid plan. Even then, you’d have to buy and configure an S/MIME certificate manually, as this is the only standard Google supports.
If you want complete privacy and security without paywalls or complex setup processes, choose a privacy-first email provider like Skiff.

Skiff Mail—advanced email security for everyone

Combining strong end-to-end encryption with numerous security features, Skiff Mail ensures your emails are protected from all unauthorized access. The platform uses two separate keys to shield your correspondence:
Public key | Used for encryption and shared between the sender and recipient
Private key | Safely stored on the user’s device and used to decrypt the message
For additional account security and confidentiality, Skiff lets you sign up without leaving any personal information. The Secure Remote Password protocol enables zero-knowledge login, so your credentials aren’t stored on Skiff’s servers. You can also set up two-factor authentication with the Authenticator app, so you can fortify the account without leaving a phone number.
You don’t need to configure anything manually, as all of the platform’s security measures are active by default. Once you create an account, you’ll be greeted by a modern, user-friendly interface that makes it easy to manage your emails in a safe environment.
The best part is that Skiff is completely free to use with no time limits. Your free account will provide all of the above security layers alongside various useful features:
  • 10 GB of end-to-end encrypted storage
  • Four aliases
  • Lightning-fast email and text search
  • Folders, labels, and filters for easier email management
  • Integration with numerous crypto wallets, including MetaMask, Brave, and Coinbase, for anonymous communication
If you want to learn more about Skiff’s security features, check out the whitepaper. You can also visit Skiff’s GitHub for an overview of its codebase, as the platform is open source and fully transparent.

Create, share, and collaborate safely with Skiff’s rich product suite

Emailing is only a part of your workflow, so Skiff made sure you can perform numerous other tasks without worrying about privacy and security. When you sign up for Skiff Mail, you’ll get access to three additional end-to-end encrypted platforms: Pages, Drive, and Calendar.
Skiff Pages features a rich text editor and invite-based collaboration to streamline your projects. There’s also a version history ensuring you can go back in case of any errors and keep close track of all changes.
To store your files safely, use Skiff Drive, a secure cloud solution offering numerous protective measures and up to 1 TB of storage. You can also choose to integrate your drive with the InterPlanetary File System (IPFS), the largest decentralized space for file management.
Skiff Calendar integrates with Mail to sync your events, making sure you don’t miss anything important. You can also schedule private video conferences and create shared calendars for easier coordination with your team.
The above platforms are available on all major browsers, iOS, Android, and macOS. Visit the download page for more details on Skiff’s compatibility.

Get started in three quick steps

You can secure your emails and files in no more than a couple of minutes. All you have to do is:
  1. Go to the signup page
  2. Choose your account name and password
  3. Explore Skiff Mail and other secure products
Besides the rich free plan, Skiff offers affordable paid tiers that let you maximize its functionality.
