Is Gmail Secure? 6 Ways to Tell

is-gmail-secureIs Gmail secure?  Let’s walk through the security features they have, and think about how they work in the real world.

1) Is Gmail Secure against Phishing?

Hackers use “phishing” attacks to either steal your data or get control of your computer.  They’ll send you an email with either a link or an attachment.  If you open it, they’ll have access to your computer.

In our tests, Gmail is much better than Office365 or Yahoo Mail at stopping spam and phishing emails.  While Office365 has announced some better spam and phishing detection, we’ve been very happy with the long term performance of Gmail.

Google built “the first computer program to ever beat a professional player at the game of Go.”  These “machine learning” programs are also great at spotting bad emails.

When it comes to phishing, we think Gmail is the best game in town.

2) Is Gmail Secure against Sniffing?

Hackers can listen in on your web traffic.  You’re especially vulnerable if you’re using wifi in a public place like an airport or a coffee shop.

In 2014, Gmail started forcing all traffic to use HTTPS.  This stops hackers from listening in on your email on insecure wifi networks.

You can tell if you’re using HTTPS by looking at this lock in the address bar of your browser:

HTTPS on:

is gmail secure https on

HTTPS off:

is gmail secure https off

3) Is Gmail Secure against Password Guessing?

Another way that attackers can use to get into your account is to try to guess your password.  Gmail keeps you safe from these attacks in three ways:

is gmail secure two factor authenticationa) 2 Factor Authentication.  We HIGHLY recommend you use this.  When it’s turned on, you’ll need to use an app or a text message on your phone to get into your account.

Gmail has done a better job of 2 Factor Authentication than other companies.  It’s easy to use.  It also only asks for your code if you’re doing something weird (like logging on from a new computer).

If you don’t have access to your app, it also lets you get codes via text message…

And they’ll give you some backup codes you can use if you don’t have your phone handy…

b) Password guessing.  If someone tries to log in to your account over and over, Google will lock them out.  People call this a “brute force attack.”

c) Activity on this account.  We love this — with the click of a button, it’s super easy to see exactly where your account is being used.  You can also click a button to lock out other sessions.

is gmail secure account activity

Customers of our HIPAA-Compliant G Suite Service get our help in setting up two-factor authentication (and everything else) properly.

Get our free “17 Tips for Gmail and HIPAA Compliance” to learn more about keeping your email safe.

4) Is Gmail Security Easy to Use?

To us, this is one of the most important features of security.

You can have all the security in the world, but if it’s hard to use, people won’t use it.

Gmail has done a nice job of making security easy to use.

The best example is a step-by-step checklist that you can follow to make sure that your security is up to snuff.

It covers everything from strong passwords…

is gmail secure strong password

To double-checking that you’re using legit devices…

is gmail secure connected devices

To making sure that outside apps are allowed…

is gmail secure connected apps

And more.  As part of our HIPAA Compliant G Suite service, we make sure these are all set up properly.

5) Is Gmail Secure on Mobile?

Gmail has great apps that run on Android or iOS and make it easy to sync your email to your phone.  Or, if you prefer, you can use the default mail apps.

The connection between your phone and Gmail uses SSL encryption.  This means that a hacker using sniffing can’t see your email, even if you’re on a public wifi network.

While the connection to Gmail is secure, you need to do a few more things to make sure your mobile phone is secure:

  • Protect it with a strong password
  • Make sure mobile encryption is turned on (it is by default in the newest mobile devices)
  • Have a way to track your phone if it’s lost or stolen (like Find My iPhone or Android Lost)

6) Is Gmail Secure against the Government?

With news about warrants to access email, many people wonder if the government can access Gmail.

The answer is yes, though this is true of all US-based email providers.  If the police or FBI can get approval from a judge, they can compel Google (or other email providers) to turn over emails.

In fact, this is true in most countries.

We like the level of transparency that Google provides into this process.  On their site, you can see a country-by-country graph that shows law enforcement requests.

is gmail secure government warrants

While there are email providers that claim to not give access to law enforcement, we don’t recommend using them.  Gmail has almost a billion users, and only 69,000 of them have been the subject of a warrant.  Which means that Gmail is a great fit for the 99.9999% of us that have nothing to worry about.

Learn more about Gmail and Security

We’ve put together an e-guide that lists 17 steps for keeping email safe. It’s focused on medical professionals and HIPAA compliance, but the tips in the guide are relevant to any industry. You can download the guide here: Get the free e-guide “17 Tips for Gmail and HIPAA Compliance.”

Talk to us!

Have questions or feedback?  Please share them in the comments below.

Like this article?  Share it!

By | 2017-06-23T22:19:36+00:00 May 12th, 2016|Cloud Cyber Security, Email Cyber Security|3 Comments

3 Comments

  1. […] It’s not enough to rely on your email provider to stop phishing for you. We’ve said it before and we’ll say it again: you need to be proactive in your security instead of leaving it to your service providers (this goes for web hosting, too). The first step in that is being discerning about which email provider you pick. Make sure that your email service has solid security and strong anti-spam features. We’re partial to Gmail, ourselves. […]

  2. rrvau August 12, 2017 at 6:51 am - Reply

    What about Google scanning you emails for advertising purposes?

    • Josh Ablett August 15, 2017 at 9:39 pm - Reply

      Great question! According to this page on Google’s site, “Google Cloud does not scan your data or email in G Suite Services for advertising purposes.” My understanding is that this scanning only happens on free @gmail.com accounts, which aren’t HIPAA compliant anyway.

Leave A Comment