- Keep a strong password. Always. And strong doesn't always mean 'Batman', which was listed in top 25 worst passwords.
- Create a password which is a mix of capital letters, small letters, numbers, and special characters. It would be more advisable if your password is not related to your life, i.e your birthday, your partner's name, birthday or anything that is related to you. For example don't use MarilynManson666 as password even if you are his big fan.
- You can access your Google account settings from your phone as well as on a computer. On a computer you would get to understand and choose properly.
- Always keep 2-step verification turned on. So even if someone knows your password he will have to have possession of your phone to access your account.
- Always keep one extra email account. How will it help? If somebody has managed to hack into your primary account and changed the password, you can use the recovery email to get it back.
- Google will notify you on this recovery mail if there has been an unusual activity on your primary account.
- Account activity shows when and where you logged into your account. It also tells you the number of devices that are using your Google account.
- Simply going through it will show you if there is some unknown device that is using your Google account. It will also be the case if you forget to log-out of a system.
- You can check your account activity from Google Settings on any computer. Or a simpler option is to go way down your Gmail account and click on 'Last account activity (Details)'. It will open a new window where you can log-out from all the other devices as well as check the activity.
Google will notify you through email and/or message on your phone if there has been any unusual activity in your account, such as login from a new device, change of password etc.
Connected apps and sites
Connected apps and websites are the biggest hole that users create in their account safety. Your Google password may be strong or your faith in Google database security stronger but are you really certain about the safety of those apps? If an app or website has been compromised, your information will also be compromised. It doesn't matter if you have uninstalled or haven't used the app for a long time, your login information is in its database.