You may have heard about a new phishing scam that targets Gmail users. It is particularly insidious and has fooled even experienced users. For more info, see this Forbes article: http://www.forbes.com/sites/leemathews/2017/01/16/gmail-phishing-attack-targets-your-contacts/#45175ce51f9d
One of the best ways to secure your Google account is to enable 2-Step Verification because it offers you another layer of protection. This means that the first security step is your strong password. The second security step uses a verification code. Before you log in to your account from a new/different computer you must type in a code that Google sends you. So even if a scammer has gotten hold of your username and password information, without the code their access is denied. You have many options for receiving the code. Some include printing them out to keep in a secure place, allowing Google to text or call you with the code, or using a USB security key (available on Amazon and elsewhere).
To enable 2-Step Verification:
- Click on your email address on the top right of your Google screen. Then click My Account.
- Click Sign-in & Security.
- Scroll down to Signing in to Google and click 2-Step Verification.
- Click Get Started.
- Re-enter your password.
- Type in your phone number and click either Text message or Phone call. Click Try It.
- Confirm that the number is correct by typing in the code you receive either by text message or phone call and click Next. If you don’t receive the code within a few seconds, click Resend.
- Click Turn On.
- You’ll see a screen that confirms 2-Step Verification is ON and identifies your “second step”. (The first step is your regular password. The second is either a text message or a phone call.)
- Set up at least one Backup method in case you can’t get a signal on your phone or you don’t have it with you.
- IT recommends setting up Backup Codes. These are unique codes that can each be used once. Print them and keep them in a safe place like your wallet so you’ll always have them with you. Once you have used a code, check the box next to it so you won’t use it again. You can always get new codes if you run out.
- When you log in from a new device/computer, enter your username and password as usual. The next screen will ask for your verification code. Type it in and click Next to complete your login. Some computers give you the option of remembering your code for 30 days. This is much less secure, but is more convenient.