One morning, you open Gmail and find that all your important emails like bills, work documents, and even access to social media disappear. All that remains is a threatening message from the hacker asking for a ransom. It’s not a movie scenario, but a real risk that lurks in every Gmail user!
Did you know that every 39 seconds, a hacker manages to break into the world’s email accounts? Recent data from the University of Maryland indicates that attacks on Gmail accounts have increased by 300% since the onset of the pandemic.
This attack can be prevented by enabling Gmail’s built-in security features. Unfortunately, 90% of users don’t activate it because they are unaware of or don’t consider it important.
In an increasingly complex digital world, protecting your Gmail account is no longer enough with just a password. Hackers are now using sophisticated techniques such as phishing, brute-force attacks, and social engineering to take over accounts without your knowledge. That’s why Google has provided several advanced security settings that you can enable to close those loopholes.
Here are 6 Gmail settings that you must enable right now to strengthen your account’s defenses against increasingly real digital threats.
1. Two-Factor Authentication (2FA) – Extra Layer of Defense
Two-Factor Authentication (2FA) is a basic but highly effective security feature. This feature adds a second layer of verification in addition to your password. So, even if the hackers manage to get your password, they still can’t log in without an additional verification code.
Your password has been leaked on the dark web, but hackers still fail to log in. How come? Because there is a “secret door” called 2FA that is blocking them!
How to Enable 2FA:
- Go to the page: Google Account > Security > 2-Step Verification
- Click Get Started and log in again if prompted
- Select a verification method:
- SMS (code sent to mobile phone)
- Authenticator App (such as Google Authenticator)
- Security Key (e.g., YubiKey for maximum security)
According to Google, 2FA can block 99% of brute force attacks even if your password is “123456”! 2FA prevents illegal logins because it requires a unique OTP code that only you have. This is a strong barrier that hackers hate the most because it hinders instant access to your account.
2. Activate the Advanced Protection Program (for Super Important Accounts)
If you’re a businessman, startup owner, investigative journalist, or anyone else who has access to sensitive information, then Google’s Advanced Protection Program (APP) is the most up-to-date defense solution you need to be on.
Who is this feature for?
- Have access to financial data (e-banking, e-wallet)
- Save confidential documents in Google Drive
- Frequently receive sensitive emails (business contracts, ID cards, etc.)
How to Activate:
- Buy a physical security key (e.g., YubiKey)
- Set up two security keys (one main, one backup)
- Visit: g.co/advancedprotection
- Follow the registration and verification process
With the APP on, your account will be at the highest level of security that Google has, even beyond the standard Gmail account of the general user.
3. Use Password Manager & Create Unique Passwords – Weak Passwords Are An Invitation To Hackers
Still using passwords like your name123, gmailmy2023, or secret01? If so, then you’ve opened the door for hackers to get into your account without any meaningful effort. Weak and repetitive passwords are one of the biggest causes of account hacking worldwide.
Solution:
Use long, complicated, and unique password combinations for each account. Better yet, use a trusted Password Manager such as:
- Bitwarden
- LastPass
- Google Password Manager
The Password Manager will:
- Securely store all passwords
- Create a very strong random password
- Autofill login without you needing to remember everything
4. Enable Login Alert & Monitor Login Activity – Early Detection Before It’s Too Late
One of the smartest ways to keep your Gmail account secure is to monitor your sign-in activity and receive notifications whenever your account is accessed from a new device or location. This allows you to act quickly before a data leak occurs.
Check Login Activity:
- Open Gmail via desktop
- Scroll to the very bottom of the inbox page
- Click on the link: “Details” or “Last account activity”
You’ll see the information:
- Last login time
- Device location
- IP Address
In case of suspicious activity:
- Click on the “Sign out of all other web sessions” option
- Change your master password immediately
- Enable 2FA if you haven’t already
5. Turn Off Image Auto-Loading – Block Pixel Tracking Tactics
Did you know that images that look harmless in promotional or spam emails can save tracking pixels? These are microscopic images that are used to track whether you open an email, your location, even the time of access, all without explicit permission.
Pixel Tracking Risks:
- Phishing campaigns can verify that your email address is active
- Your activity data is sold for targeted advertising
- Potential location leaks and habit patterns
How to turn off image auto-loading:
- Open Gmail in a browser
- Click on the gear ⚙️ icon > See all settings
- Select tab: General
- Scroll to the Images section
- Select: “Ask before displaying external images”
6. Update Recovery Email & Phone Number – Account Recovery Key
The account recovery feature is your last resort if you lose access to your Gmail account. However, many users forget or leave the recovery info inactive, a fatal thing that can make an account unsalvageable if hacked.
Recovery Info Function:
- Receive a verification code when you forget your password
- Cancel an account takeover attempt
- Increase Google’s confidence that you’re the rightful owner of your account
How to Update:
- Open: Google Account > Personal Info
- Select: Email recovery and Phone recovery
Make sure the email and number are still active, accessible, and not easy for others to guess