How to Secure Your Gmail Account (Best Practices for All Users)
Summary: This article outlines best practices for keeping your Gmail account secure, including password hygiene, multi-factor authentication, and how to recognize potential threats.
Who This Applies To
All staff and users with a Google Workspace email account
Best Practices
1. Use a Strong, Unique Password
- Use a password manager like 1Password
- Avoid reusing passwords across systems
- Do not share your password with anyone
2. Enable 2-Step Verification (2FA)
- Always enable 2FA on your account
- Prefer using an authenticator app like Google Authenticator
- Avoid SMS-based codes when possible
3. Store Backup Codes Securely
- Generate backup codes in your Google account
- Store them securely in Box or your password manager
- Do not save them locally on your computer or in your email
4. Keep Recovery Information Updated
- Add a backup phone number
- Add a recovery email address
- Ensure both are accessible and current
5. Be Aware of Phishing Attempts
- Do not click suspicious links
- Verify sender email addresses carefully
- Be cautious of urgent or unusual requests
- When in doubt, report it to IT
6. Avoid Public or Shared Devices
- Do not log into Gmail on shared/public computers
- If you have no alternative, use Incognito Mode and log out completely when you are done
7. Regularly Review Account Activity
- Visit Google Account → Security → Your devices
- Remove any unfamiliar devices
- Review recent activity for anything suspicious
8. Keep Devices Updated
- Install updates for:
  - Your browser
  - Your operating system
- Updates often include security patches
Troubleshooting / Common Issues
Issue: Didn’t receive 2FA code
→ Check your authenticator app or use a backup code
Issue: Suspicious login alert
→ Change password immediately and notify IT
Need Help?
If you believe your account has been compromised, contact IT immediately.