Basic security requires that you should never share your passwords with anyone outside the IT Department. Your password should ideally be at least eight characters, contain both letters and numbers (and other types of characters if you wish), and should not be the same thing you use on all your other accounts. You should never enter your Gmail password on any site that asks for it outside of Google. If a site looks suspicious and asks for such information, you can always check with the help desk for a second opinion.
Caution alone, however, may not be enough. To better secure your Google data, you may want to try using Two Factor Authentication (2FA). Google make 2FA available to all of our users. We have not made it mandatory because it can result in some rather significant inconveniences. If, however, you wish to add this extra level of protection, you may do so.
The 2FA protocol essentially blocks hackers from accessing your Gmail account or other Google features by requiring a second step beyond entering your password. You can associate a telephone number with your Google Account. After you enter your Google name and password, Google will call or text your phone with a second random six digit number. You must then enter that number in order to access your Google account.
Once you have done this on a computer, you can tell Google to trust that computer for 30 days, meaning you will not have to go through that second step every time, just once per month. You will also need to set up a special App Password on any device you use, such as a phone, tablet, or third party software package that accesses your Google account. The App Password is a long randomly generated password from Google, a unique one for each device you use, in order to access your Google account from that application.
This additional security makes it virtually impossible for a hacker attempting to log into your account from another location. It does, however, make life more complicated for you, since it regularly requires you to take extra steps to verify that you really are you.
I have been using myself as a test case for 2FA on my own account. I find it mildly annoying to go through the extra steps on occasion. Every time I log in from a new computer, I need to have my phone handy for authentication. That said, it has not been a major problem or impediment for me, and seems to work as advertised.
The important thing to remember if you turn on 2FA is that you will need your phone with you at all times in order to receive a text message with the random pin number. If you are one of those people who does not view their cell phone as an appendage which never parts from them, then 2FA may become a real impediment to getting to your email. If you are on the road and lose or forget your phone, you will not be able to check messages through some other place, such as a hotel computer. Also, if you plan to use other programs to access your mail, such as Outlook, or the mail program that came with your iPhone or Android (something other than the Gmail App) you will need to go through a separate setup process for each of these applications.
The important thing to remember if you turn on 2FA is that you will need your phone with you at all times in order to receive a text message with the random pin number. If you are one of those people who does not view their cell phone as an appendage which never parts from them, then 2FA may become a real impediment to getting to your email. If you are on the road and lose or forget your phone, you will not be able to check messages through some other place, such as a hotel computer. Also, if you plan to use other programs to access your mail, such as Outlook, or the mail program that came with your iPhone or Android (something other than the Gmail App) you will need to go through a separate setup process for each of these applications.
If you find yourself unable to get into your account after turning on 2FA, please note that the help desk will not be able to help you gain access to your messages, nor check your messages for you. The IT Administrator will need to go through a more cumbersome process of turning of 2FA which is not an easy or immediate thing.
With all that said, if anyone is interested in turning on 2FA on your Google account, you may do so via this site:
No comments:
Post a Comment