Day 5: Secure Your Email Accounts

Why Email Security is Critical

Your email account is the gateway to your digital life—it’s used to reset passwords for other accounts, receive sensitive information, and verify identities. A compromised email account puts all your other accounts at risk.

Since I think you all use Gmail, I’ll focus on securing your Google Account but also include general advice applicable to other email providers.

Step 1: Enable Two-Factor Authentication (2FA) for Your Email

Two-Factor Authentication (2FA) prevents hackers from accessing your email even if they steal your password. If you didn’t do this yesterday, let’s do it today.

How to Enable 2FA on Gmail (Google Account)

  1. Go to Google’s Security Page.
  2. Under “Signing in to Google”, click “2-Step Verification”.
  3. Click “Get Started” and sign in if prompted.
  4. Choose an authentication method:
    • Authenticator App (Recommended) – Use Bitwarden
    • SMS (Not Recommended, but better than nothing).
  5. Follow the instructions to complete setup and test your 2FA method. Don’t forget you can use the camera icon on the Bitwarden edit page to capture the QR code.

Step 2: Check for Unauthorized Access

Hackers may already have access to your email without you realizing it. Google provides tools to check this:

  1. Go to Google’s Security Checkup.
  2. Look under “Your devices” for unfamiliar logins.
  3. Under “Recent security events”, check for unrecognized activity.
  4. If anything looks suspicious, sign out of all devices and change your password immediately.

Step 3: Use a Strong, Unique Password

Your email password should be long, unique, and stored in Bitwarden.

🔹 How to change your Gmail password:

  1. Visit Google Account Password Settings.
  2. Click “Password” and sign in.
  3. Generate a new random, long password (at least 16 characters) using Bitwarden.
  4. Update the password in Bitwarden and save it.

Step 4: Check Email Forwarding and Recovery Options

Attackers often set up email forwarding rules or change recovery settings to maintain access.

🔹 Check for unauthorized email forwarding in Gmail:

  1. Open Gmail and go to Settings (⚙️) → See all settings.
  2. Click on “Forwarding and POP/IMAP”.
  3. Ensure no unknown email addresses are set to receive forwarded emails.

🔹 Check recovery options:

  1. Go to Google Recovery Settings.
  2. Ensure only your phone number and a trusted recovery email are listed.

Step 5: Be Wary of Phishing Emails

Hackers use phishing emails to trick you into revealing passwords or clicking malicious links.

Common phishing red flags:
✅ Urgent requests like “Your account will be closed!”
✅ Emails asking you to confirm login details.
✅ Fake links (hover over links before clicking to see where they lead, but even then be careful).
✅ Unexpected attachments—never open them unless you are 100% sure they are safe.

🔹 If in doubt, go directly to a website by typing in the address instead of clicking a link.

Next Steps

Tomorrow will be a lighter day. We’ll look at some browser settings to make Bitwarden work better.

Action for Today:

  • Enable 2FA on your Gmail account.
  • Check for unauthorized logins and forwarding rules.
  • Change to a strong, unique password.
  • Review your recovery options.

🔒 Your email is your most valuable online asset—protect it well!

http://comicmuse.net/p/f19d1d6e6f594a2cbdcaa55f4dba0c00/
Author: comicmuse
Posted on: March 4, 2025