Earlier this year the Google Apps account of my other domain was hacked. Though I got it back in a few hours with the help of some mails to Google, it still feels sad when an IT professional who brags so much about network security could not get to his account.
Here are some tips to save you from the same fate.
- Use different passwords for different accounts. Everybody knows this but nobody bothers to follow it. I know remembering a dozen cryptic passwords is very difficult, but I still suggest you use different passwords for the accounts that hold sensitive information.
- Associate your account with your mobile phone. I don’t know about others but Gmail allows you to do so. You just need to log in to your Google account and click the link in Personal Settings > Security > Change password recovery options. You’ll be asked to verify your Google password. On the “Recovering your password” page, add the phone details. This way, if your password gets reset you’ll get an SMS instantly.
- Check out your IP Address. Gmail and several other mail service providers tell you the last IP from which your account was accessed. If you see any funny IPs, change your password right away. If you don’t know your IP, go to ipmango.
- If possible, take regular backups of your mails. You can use any desktop mail client to download the mails and keep them on your computer, or you can use online backup services like BackupMy. BackupMy can create a snapshot of your mails, Twitter accounts, photos, blogs etc. at a very nominal price. You can get a trial for free though.
- Do not use your administrator account for day-to-day work. This tip applies to Google Apps users and, of course, to other app users as well. Admins should never use their administrative account for general mailing and other work. Instead, create a normal user account and use it for regular work.
- Use https instead of http. If your mails carry very sensitive data, I suggest you switch to https. This encrypts the connection to your mail, protecting it from packet sniffers.
- Check your security question. People often choose a cryptic password but a security question whose answer is too easy to guess. For example, many people use the name of their pet or their first school as the security question. These things can easily be known by your friends and relatives. If you are active on the internet, a Google search may turn up these details.

If you are hacked, contact support immediately; otherwise there is a risk that your other accounts might be compromised.
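
The IP address tip above can be made routine with a small script that compares recent account activity against the networks you normally connect from. This is an added example, not part of the original post; the sample rows, their "time,access type,IP" layout, `KNOWN_NETWORKS` and `review_activity` are assumptions made for illustration and do not reflect any mail provider's export format.

```python
import ipaddress

# Constructed sample: activity rows copied by hand as "time,access type,IP".
# Addresses come from the reserved documentation ranges.
SAMPLE_ACTIVITY = """\
2024-03-02 09:14,Browser,203.0.113.25
2024-03-02 13:40,Mobile,203.0.113.77
2024-03-03 02:51,POP3,198.51.100.9
2024-03-03 02:58,POP3,198.51.100.9
2024-03-03 08:05,Browser,2001:db8:42::15
2024-03-03 08:30,Browser,not-an-ip
"""

# Assumed: the ranges your home or office connections come from.
KNOWN_NETWORKS = ["203.0.113.0/24", "2001:db8:42::/48"]


def review_activity(text, known_networks):
    """Return (unfamiliar, unparsed): per-IP summaries of accesses from
    outside the known networks, and rows that could not be checked."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    unfamiliar, unparsed = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            unparsed.append(line)
            continue
        when, kind, raw_ip = parts
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        # An IPv4 address is never "in" an IPv6 network and vice versa.
        if any(ip in net for net in nets):
            continue
        entry = unfamiliar.setdefault(
            str(ip), {"count": 0, "first": when, "last": when, "types": set()})
        entry["count"] += 1
        entry["last"] = when  # rows are assumed to be in chronological order
        entry["types"].add(kind)
    return unfamiliar, unparsed


if __name__ == "__main__":
    flagged, skipped = review_activity(SAMPLE_ACTIVITY, KNOWN_NETWORKS)
    for ip, info in flagged.items():
        print(ip, info["count"], info["first"], info["last"], sorted(info["types"]))
    print("could not check:", skipped)
```

An unfamiliar address that shows up through an access type you never use (POP3 in the sample) is the kind of entry that should prompt the password change described above.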