Is Gmail secure? Let’s walk through its security features and think about how they work in the real world.
1) Is Gmail Secure against Phishing?
Hackers use “phishing” attacks to either steal your data or get control of your computer. They’ll send you an email with either a link or an attachment. If you open it, they can steal your data or take control of your computer.
In our tests, Gmail is much better than Office365 or Yahoo Mail at stopping spam and phishing emails. While Office365 has announced some better spam and phishing detection, we’ve been very happy with the long-term performance of Gmail.
Google built “the first computer program to ever beat a professional player at the game of Go.” These “machine learning” programs are also great at spotting bad emails.
When it comes to phishing, we think Gmail is the best game in town.
2) Is Gmail Secure against Sniffing?
Hackers can listen in on your web traffic. You’re especially vulnerable if you’re using wifi in a public place like an airport or a coffee shop.
In 2014, Gmail started forcing all traffic to use HTTPS. This stops hackers from listening in on your email on insecure wifi networks.
You can tell if you’re using HTTPS by looking for the lock icon in the address bar of your browser.
3) Is Gmail Secure against Password Guessing?
Another way attackers can get into your account is by guessing your password. Gmail keeps you safe from these attacks in three ways:
a) 2 Factor Authentication. We HIGHLY recommend you use this. When it’s turned on, you’ll need to use an app or a text message on your phone to get into your account.
Gmail has done a better job of 2 Factor Authentication than other companies. It’s easy to use. It also only asks for your code if you’re doing something weird (like logging on from a new computer).
If you don’t have access to your app, it also lets you get codes via text message.
And they’ll give you some backup codes you can use if you don’t have your phone handy.
b) Password guessing. If someone tries to log in to your account over and over (people call this a “brute force attack”), Google will lock them out.
c) Activity on this account. We love this — with the click of a button, it’s super easy to see exactly where your account is being used. You can also click a button to lock out other sessions.
Our HIPAA compliance customers get help in setting up two-factor authentication (and everything else) properly.
4) Is Gmail Security Easy to Use?
To us, this is one of the most important features of security.
You can have all the security in the world, but if it’s hard to use, people won’t use it.
Gmail has done a nice job of making security easy to use.
The best example is a step-by-step checklist that you can follow to make sure that your security is up to snuff.
It covers everything from strong passwords, to double-checking that you’re using legit devices, to making sure that outside apps are allowed, and more. We make sure these are all set up properly for our customers.
5) Is Gmail Secure on Mobile?
Gmail has great apps that run on Android or iOS and make it easy to sync your email to your phone. Or, if you prefer, you can use the default mail apps.
The connection between your phone and Gmail uses SSL encryption. This means that a hacker sniffing the network can’t read your email, even if you’re on a public wifi network.
While the connection to Gmail is secure, you need to do a few more things to make sure your mobile phone is secure:
- Protect it with a strong password
- Make sure mobile encryption is turned on (it is by default in the newest mobile devices)
- Have a way to track your phone if it’s lost or stolen (like Find My iPhone or Android Lost)
6) Is Gmail Secure against the Government?
With news about warrants to access email, many people wonder if the government can access Gmail.
The answer is yes, though this is true of all US-based email providers. If the police or FBI can get approval from a judge, they can compel Google (or other email providers) to turn over emails.
In fact, this is true in most countries.
We like the level of transparency that Google provides into this process. On their site, you can see a country-by-country graph that shows law enforcement requests.
While there are email providers that claim to not give access to law enforcement, we don’t recommend using them. Gmail has almost a billion users, and only 69,000 of them have been the subject of a warrant, which means that Gmail is a great fit for the 99.9999% of us who have nothing to worry about.