Posted:


As part of National Cyber Security Awareness Month, we recently posted about how to pick a smart password. Having a strong password goes a long way in helping to protect your data, but there are a number of additional steps you can take to help you keep your Gmail account secure:

1. Remember to sign out. Especially when using a public computer, be careful to sign out of your Google account when you're finished. Just click the "Sign out" link at the top right corner of your inbox. If you're using a public or shared computer and want to be extra thorough, you can also clear the browser's cache, cookies and history. Then, completely close the browser. On your personal computer, you can also lock your computer with a password-protected screensaver if you need to step away momentarily. Learn the best ways to lock your screen in Windows or in Mac OS X. Forgot to sign out? Open up a new Gmail session on another computer and use Gmail's remote sign out feature to close any sessions that might still be open elsewhere.

2. Be careful about sending certain sensitive information via email. Once you send an email, you're no longer in control of the information it contains. The recipients, if they so choose, could forward the email or post its contents in a public place. Even if you know and trust the people you're emailing, that information may become exposed if their accounts become compromised or they get a virus on their machines. As a rule of thumb, should you need to provide a credit card number or financial account number to respond to a message, provide it over the phone or in person — not over email. And never share your password with anyone. Google does not email you to ask you for your password, your social security number, or other personal information — so don't send it!

3. Enable "Always use HTTPS." Any time you visit a webpage, your computer needs to send and receive information across the Internet. HTTPS is used to encrypt data as it is transmitted between computers on the Internet, so look for the "https" in the URL bar of your browser to indicate that the connection between your computer and Gmail's servers is encrypted. We use HTTPS on the Gmail login page, and you can choose to protect your entire Gmail session with HTTPS as well. HTTPS can make your mail slower, so we let you make the choice for yourself. Open Settings and choose "Always use HTTPS" on the General tab if you want to turn it on.

4. Be wary of unexpected attachments.To help protect you from viruses and malware, Gmail automatically scans every attachment when it's delivered to you, and again each time you open a message. Attachments you send are also scanned. That said, no system is foolproof, so if you happen to get an email from a friend with an attachment you didn't expect, don't be afraid to ask the sender what it is before you decide whether to open it.

5. Make sure your account recovery information is up-to-date. Your account recovery information helps you regain access to your account if you ever forget your password, or if someone gains access to your account without your permission. We currently offer several paths to account recovery. Every Gmail user must select a security question and answer — be sure to choose a combination that is easy for you to remember, but hard for others to guess or come across by investigating. Don't choose a question like "What is my favorite color?" as others may easily guess the answer. We also encourage you to provide a secondary email address and/or a mobile phone number, so we can send you a link to reset your password if you lose access to your account.

You can find additional security tips for Gmail in our Help Center. Learn more about protecting your computer, website, and personal information by checking out our security series on the Google blog or visiting http://www.staysafeonline.org.

Posted:


Back in April, we released a new version of Gmail for mobile, re-designed to be faster, more usable, and offer basic offline support on iPhone and Android devices. The improvements we made to its underlying architecture have made it possible for us to rapidly release new features and further improve performance since then.

Over the last six months, we've added a lot: mute, label management, keyboard shortcuts, smart links, an outbox, and the ability to move messages (label and archive in one step). Some new features, like swipe-to-archive and auto-expanding compose boxes, take advantage of these mobile phones' unique properties. We also made address auto-complete faster, enhanced refresh capabilities, and sped up loading so Gmail for mobile starts in under three seconds on newer smartphones.


We'll continue to add more functionality —and there's no need to download or update anything as long as you have iPhone/iPod touch OS 2.2.1 or above or are using an Android-powered device. Just go to gmail.com from your mobile browser as you do on your PC. To make it easy to access your Gmail account, try creating a home screen link.

Posted:


Being an avid Google Docs user, I receive a ton of emails with links to documents that my co-workers and friends share with me. From technical design documents at work to my roommate's expenses spreadsheet, my inbox is full of document links that I need to view as I reply to my mail.

Opening these links in another tab or window is kind of annoying, plus it can be tough to keep the context of the email in mind while viewing the document.

Starting today, you can preview the contents of a Google document, spreadsheet, or presentation right in your Gmail inbox — just like you've already been able to do with YouTube videos, Yelp reviews, and Picasa and Flickr albums. Gmail will automatically detect when you receive a document link and display the name and type of doc below the email.


Just click "Show preview" and the contents of the document will display right there — no need to switch back and forth between email response and document.

To enable Google Docs previews, go to the Labs tab under Settings. Let us know what you think and what else you'd like to see while viewing docs in Gmail.

Posted:


When's the last time you got an email from a stranger asking, "Are you sure you meant to send this to me?" and promptly realized that you didn't? Sometimes these little mistakes are actually quite painful. Hate mail about your boss to your boss? Personal info to some random guy named Bob instead of Bob the HR rep? Doh!

"Got the wrong Bob?" is a new Labs feature aimed at sparing you this kind of embarrassment. Turn it on from the Labs tab under Gmail Settings, and based on the groups of people you email most often, Gmail will try to identify when you've accidentally included the wrong person — before it's too late.


If you normally email Bob Smith together with Tim and Angela, but this time you added Bob Jones instead, we'll warn you that it might be a mistake. Note that this only works if you're emailing more than two people at once.

While we were at it, we also changed the name of "Suggest more recipients" to "Don't forget Bob" — the two related Labs features just kind of went together better this way.

If you want to test "Got the wrong Bob?" out, try faking a mistake like this:
1) Think of three people you often email together.
2) Compose a message to two of them.
3) Start typing the third member of the group (for help you can use one of the people we suggest in "Don't forget Bob"), but then auto-complete on the wrong name.

If you have suggestions please let us know. And if "Got the wrong Bob?" happens to save you from making a really bad mistake, we want to hear about that too.

Posted:


Checking Gmail on your phone isn't reserved for those of us with extra fancy mobile devices — sure, it's easier to use Gmail when your iPhone has a touchscreen or there's a downloadable app built especially for your BlackBerry, but Gmail is available on almost all mobile devices today. If your phone has a data plan, it can get Gmail. There are two main ways to check your messages on the go:

(1) Go to gmail.com in your mobile browser

The easiest way to check Gmail from your phone is to go to gmail.com in your device's mobile browser. That opens a version of Gmail built especially for small screens, where you can see messages grouped into conversations, search through your mail, or flag important messages with stars. On some devices (iPhone and Android), Gmail offers some additional features like the ability to add and remove labels and basic offline support. Text the link to your phone to get started.

(2) Use your phone's built in email application

Many mobile devices come with native mail applications pre-installed. Setting up Gmail to work with them is usually pretty straight-forward and there is often a wizard to help. If you have an iPhone or Windows Mobile device, you can get push Gmail using Google Sync. Otherwise, you can set things up using IMAP with these step-by-step directions for specific devices. Depending on your particular phone, you may notice features such as search, conversations, and stars missing. On the plus side, these applications tend to start up quickly and work even when you're not connected to the internet.

For more information, check out this new beginner's guide.

Posted:


As part of National Cyber Security Awareness Month, we'd like to take this opportunity to remind you about smart password practices. Help ensure you're protecting your computer, website, and personal information by checking out our security series on the Google blog or visiting http://www.staysafeonline.org.

Phishing, a topic that's been in the news, is unfortunately a common way for hackers to trick you into sharing personal information like your account password. If you suspect you've been a victim of a phishing attack, we recommend you immediately change your password, update the security question and secondary address on your account, and make sure you're using a modern browser with anti-phishing protection turned on. Keep an eye out for the phishing warning Gmail adds to suspicious messages, and be sure to review these tips on how to avoid getting hooked.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can't keep you from being scammed, but setting one that's memorable for you and that's hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we've seen in the past and suggestions for making your passwords stronger.

Problem 1: Re-using passwords across websites
With a constantly growing list of services that require a password (email, online banking, social networking, and shopping websites — just to name a few), it's no wonder that many people simply use the same password across a variety of accounts. This is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address information, and even your money.

Solution 1: Use unique passwords
It's a good idea to use unique passwords for your accounts, expecially important accounts like email and online banking. When you create a password for a site, you might think of a phrase you associate with the site and use an abbreviation or variation of that phrase as your password — just don't use the actual words of the site. If it's a long phrase, you can take the first letter of each word. To make this word or phrase more secure, try making some letters uppercase, and swap out some letters with numbers or symbols. As an example, the phrase for your banking website could be "How much money do I have?" and the password could be "#m$d1H4ve?" (Note: since we're using them here, please don't adopt any of the example passwords in this post for yourself.)

Problem 2: Using common passwords or words found in the dictionary
Common passwords include simple words or phrases like "password" or "letmein," keyboard patterns such as "qwerty" or "qazwsx," or sequential patterns such as "abcd1234." Using a simple password or any word you can find in the dictionary makes it easier for a would-be hijacker to gain access to your personal information.

Solution 2: Use a password with a mix of letters, numbers, and symbols
There are only 26^8 possible permutations for an 8-character password that uses just lowercase letters, while there are 94^8 possible permutations for an 8-character password that uses a combination of mixed-case letters, numbers, and symbols. That's over 6 quadrillion more possible variations for a mixed password, which makes it that much harder for anyone to guess or crack.

Problem 3: Using passwords based on personal data
We all share information about ourselves with our friends and coworkers. The names of your spouse, children, or pets aren't usually all that secret, so it doesn't make sense to use them as your passwords. You should also stay away from birth dates, phone numbers, or addresses.

Solution 3: Create a password that's hard for others to guess
Choose a combination of letters, numbers, or symbols to create a unique password that's unrelated to your personal information. Or, select a random word or phrase, and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as "sPo0kyh@ll0w3En").

Problem 4: Writing down your password and storing it in an unsecured place
Some of us have enough online accounts that we may need to write our passwords down somewhere, at least until we've learned them well.

Solution 4: Keep your password reminders in a secret place that isn't easily visible
Don't leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. Also, if you decide to save your passwords in a file on your computer, create a unique name for the file so people don't know what's inside. Avoid naming the file "my passwords" or something else obvious.

Problem 5: Recalling your password
When choosing smart passwords like these, it can often be more difficult to remember your password when you try to sign in to a site you haven't visited in a while. To get around this problem, many websites will offer you the option to either send a password-reset link to your email address or answer a security question.

Solution 5: Make sure your password recovery options are up-to-date and secure
You should always make sure you have an up-to-date email address on file for each account you have, so that if you need to send a password reset email it goes to the right place.

Many websites will ask you to choose a question to verify your identity if you ever forget your password. If you're able to create your own question, try to come up with a question that has an answer only you would know. The answer shouldn't be something that someone can guess by scanning information you've posted online in social networking profiles, blogs, and other places.

If you're asked to choose a question from a list of options, such as the city where you were born, you should be aware that these questions are likely to be less secure. Try to find a way to make your answer unique — you can do this by using some of the tips above, or by creating a convention where you always add a symbol after the 2nd character in the answer (e.g. in@dianapolis) — so that even if someone guesses the answer, they won't know how to enter it properly.