When you want to change your Gmail account's password, it requires changing your Google account's password. All Google apps and services are tied to a single account that you can access using your Google account ID and password. Of course, while you talk about that ID as Gmail ID, it is necessarily your Google account ID.
That's why you will need to open a Google account instead of Gmail to change your password. But there are certain points to keep in my mind even before you change Gmail/Google password. After all, you don't want your account to be hacked or compromised, do you?
We will discuss some key factors that affect your account's security and what you can do to protect its integrity.
Why Change Google Password
If you have forgotten your password, you need to recover your Google account's password and change it. Another reason could be a security breach. Think your account was compromised or someone was standing over your shoulder when you accessed Gmail? Maybe you were using a public Wi-Fi network or computer?
We use Google account to not only access all Google apps and services like Gmail and Drive, but also third-party sites and whatnot. Most apps have an option to 'Sign in using Google' button. While it is quick and easy, it also poses a security threat.
Best Practices to Keep in Mind
A lot of users still create and use stupidly simple passwords like 123456. This is as good as not having a password. Others go for some combination of birthdays, phone numbers, and so on. Your password should be random in nature. Not connected to you in any shape or form.
I like passwords, random strings of alphanumeric text, generated by password managers. While they are hard to remember, they are also safer and less hackable. But then you will need to depend on a password manager, and that's not a bad thing. You will need to remember just one password. Make sure it is really strong.
There was a time when security experts around the world recommended changing passwords every few months. My bank asks me to change mine every 90 days. Not anymore.
National Institute of Standards and Technology (NIST), in their guidelines to the government, asked organizations to increase the duration between forced password changes. That's because these passwords are often forced to be complicated (alphanumeric, case sensitive), and you cannot use a password that you already used last time or the time before that.
That results in employees/users resorting to more memorable passwords and reusing the same password with some variation. Other users end up writing down passwords in unsafe locations, further increasing security risks. I agree. You should change your password, but only when you sense or know that it has been compromised. If you follow the best security practices and use a solid password, you don't have to change it frequently.
How to Check If Compromised
But how do you know you have been compromised? There are a few ways.
The first one is news. Most hacks are reported and widely covered by media, so keep an eye out. Google has released a browser extension that will check your password against a database to ensure yours is not hacked or compromised.
Google also announced the Critical Alert feature, where you will be notified via a notification the moment Google thinks your account has been compromised. The notification is hard to spoof, Google says because it will appear as an in-app notification while using any Google app. It could be Search, Gmail, or Drive, for example.
There is also a reliable site called Have I Been Pwned, where you can enter your email ID and password to check against a publicly available database of hacked accounts.
Finally, you can apply some common sense. Noticed any suspicious activity? Emails you never sent or files you didn't download? User sign-in email from location/computer/IP you don't recognize? These are all signs that you have been hacked and need to change your Google account password immediately.
Using 2FA for Added Security
Google allows you to sign in using 2FA and 2SV. I recommend you implement them at the earliest if haven't already. This will add an additional layer of security so that even if your Google account password is compromised, the hacker won't be able to sign in. That's because they need to enter another password. A 6-digit code via an authenticator app or verify using your phone via 2SV.
Also on Guiding Tech
Using Password Manager for Ease
The number one reason people use a simpler (and hackable) password is that it is easy to remember and input. A password manager can fix this problem easily. Most password managers will also generate a strong, random password for you based on the criteria you have set. Now, you have to set a single password for the password manager, and don't forget to add 2FA to it. Your whole world will turn upside down if the password manager app is hacked.
How to Change Password
The process is simple enough.
Step 1: Open Google My Account page. Under the Security tab, you will find 'Signing in to Google' heading. That's where you can change password and enable/disable 2SV. Click on Password.
Step 2: You will need to re-enter your Google account password in order to verify it is indeed you who is trying to access these critical settings.
Step 3: You can now enter a new password (twice) and click on Change Password to save it.
Passing Word Around
Google already takes a lot of precautions to protect and secure your account, but it is also your responsibility to act earnestly. The age-old adage of 'precaution is better than cure' holds true here. Learning how to damage control is good, but why even go there. Stop hackers in their tracks by following best security practices in the first place. And it all begins with using a strong password, enabling 2FA, using secure networks and devices to access Google services, and using a password manager.
Google has been delaying its end-to-end encryption tool since forever. Click on the next article to know how SecureGmail can help secure your conversations on Gmail.
The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.