Tip: Use Gmail’s built-in activity monitor to audit account security

One of my favorite aspects of Gmail is that Google goes above and beyond simple e-mail, offering extra features not found in many other e-mail services. One of these extra features is Gmail’s activity monitor.

Gmail’s activity monitor is a tool that monitors and logs who accesses your Gmail account (IP address + geographic location) and at what time the account was accessed; it also tells you how the account was accessed (mobile, browser, etc.).

Using the recent activity log, one can easily spot if there has been unauthorized access to one’s Gmail account – just look for erratic, unknown, or unusual IP addresses. Your current IP address is shown at the very bottom of the page for comparison. If you find an IP address that does not belong to you, that may mean your account has been hacked.

Do note, though, that finding multiple different IP addresses accessing your Gmail account does not necessarily mean your account has been compromised. You could have accessed your account using different Internet connections (e.g. your WiFi, your phone, your friend’s WiFi, etc.), in which case the IP addresses will differ. You may also be assigned a dynamic IP address by your ISP (most people are), so your home Internet’s IP address will change periodically, and that change may be reflected in the activity log.
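The comparison described above, as an added example that is not part of the original post: it matches each logged IP against networks you recognise, written as CIDR ranges so that a dynamic address changing within your ISP's block is not flagged. The network labels, the ranges, and the sample rows are assumptions constructed for illustration, using reserved documentation addresses.

```python
import ipaddress

# Assumption: networks you recognise, written as CIDR ranges rather than single
# addresses so a dynamic IP that moves within your ISP's block still matches.
# All addresses are reserved documentation ranges, constructed for this example.
KNOWN_NETWORKS = {
    "home ISP": "198.51.100.0/24",
    "mobile carrier": "203.0.113.0/25",
    "ipv6 home": "2001:db8:10::/48",
}

# Constructed rows shaped like the activity table: (access type, IP, time).
SAMPLE_ROWS = [
    ("Browser", "198.51.100.23", "1:02 pm"),
    ("Browser", "198.51.100.187", "Dec 14"),   # same ISP block, new dynamic IP
    ("Mobile", "203.0.113.40", "Dec 13"),
    ("POP3", "192.0.2.77", "Dec 12"),          # no known network matches
    ("Browser", "203.0.113.200", "Dec 12"),    # outside the carrier's /25
    ("IMAP", "not-an-ip", "Dec 11"),           # malformed copy/paste
]

def classify(ip_text, known=KNOWN_NETWORKS):
    """Return the matching network label, 'unknown', or 'invalid'."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "invalid"
    for label, cidr in known.items():
        net = ipaddress.ip_network(cidr)
        # Compare only within the same address family (IPv4 vs IPv6).
        if ip.version == net.version and ip in net:
            return label
    return "unknown"

def triage(rows, known=KNOWN_NETWORKS):
    """Return the rows that deserve a closer look, with the reason attached."""
    flagged = []
    for access_type, ip_text, when in rows:
        verdict = classify(ip_text, known)
        if verdict in ("unknown", "invalid"):
            flagged.append((access_type, ip_text, when, verdict))
    return flagged

if __name__ == "__main__":
    for row in triage(SAMPLE_ROWS):
        print("review:", *row)
```

An "unknown" result only means the address is outside the ranges you listed; it still needs to be researched before concluding anything.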

To double-check and verify if your account has been compromised, IP addresses can be researched using IP tracing tools. These tools provide detailed information about IP addresses, allowing you to determine if the access to your Gmail account was legitimate – i.e. by you – or not.

While you can use any tool you want to research IP addresses, WhatsMyIPAddress is my personal favorite IP address-searching tool because it displays general and geographic information about an IP address in a human-readable manner.

If you come to the conclusion your account has indeed been compromised, you can use the activity monitor to quickly change your password (pick a good one this time):

  • Click on Sign out all other sessions to ensure nobody but you is accessing the account at that moment.

Because you signed out every other session, once you change your password no one but you will have access to your account.

Four more things to note:

  • In addition to changing your password, if your account has been compromised you should consider changing your security question/answer and verifying that your recovery e-mail address and phone number are accurate. If someone broke into your account, they could also have figured out the answer to your security question (or even changed the question/answer), and/or modified your recovery e-mail address and phone number. All three can be changed via Google account password recovery settings.

  • You do not always have to manually open the activity monitor to look for suspicious activity. Gmail’s activity monitor can be set to automatically issue you alerts when it discovers odd access to your account.

By default the activity monitor is actually set to automatically issue you alerts, so you don’t need to turn it on yourself.

  • The activity monitor is accessible by clicking on Details at the bottom of your Gmail account’s page.

  • The activity monitor is available on regular Gmail accounts as well as Google Apps accounts.

While the Gmail activity monitor is no protection against hackers, it is an easy way to clean up the mess after the fact. *Cough* Gawker’ed *cough*

Have any other useful Gmail tips? How about tips regarding other e-mail services? Share with everyone in the comments below!

Thanks IainB!
