Gmail, Google’s free and popular email service, informs its users of any suspicious activity in their account. This includes any suspicious new logins. Any time you use a new device (like a new smartphone or tablet, or a shared computer somewhere) to log into your Gmail account, Google sends an alert to the device you specified to receive security alerts.
Suspicious logins include those that do not follow the usual sign-in pattern, such as logging in from an unfamiliar location. In most cases, Google will ask the user some security questions. If they fail to answer and abandon the attempt to log in, Google will send an alert to the owner’s nominated device or account.
In unfortunate instances when someone tries to hack into your Gmail account, the alerts that Google will send will only provide one data point – one login date, one browser, one location. But what if your email has been compromised, and it isn’t a one-time situation but rather something that’s been going on for a while? What if someone’s been monitoring your email activity or sending out malicious emails in your name? In this article, we will show you how to do a comprehensive and effective review of your Gmail login history, so that you can detect if there has been a pattern of use by an unauthorized user.
Getting to the Bottom of the Problem
In order to detect unauthorized users, you need to know who the authorized users are. More specifically, Gmail doesn’t really track users, it tracks sessions. These sessions are identified by the device, the browser software, and the IP address used for access. Accordingly, you will need to know which devices you’ve used to access your Gmail account, the IP addresses from which you’ve accessed it, the browsers you used to do it, and the exact dates when you logged on to check your email.
The second step is to check your login history in order to figure out when and where someone else used your account. By doing this, you will be able to flag unauthorized access points and prevent them from happening again.
Gmail Login History Check
If you want to see your Gmail login history, you have to log in to your account first. At the bottom right of your dashboard, click on the Details button. This should open up a new tab with your account activity information.
The tables you see list the browser used, the IP address, the country of origin, and the date and time of the login. From this new tab, you can choose to sign out of all active web sessions if you notice any foreign activity.
You can also check for other details regarding each login by clicking on the Show Details link next to the browser tag.
Another way to view your login history is to visit the Recent Security Events page . There you can see any new logins from unauthorized locations and flag them.
You should also know that if you use another device, such as an iPhone with a 3G network, the address will be different from that of your home or office computer. Once you know both those addresses, you should immediately be able to tell which logins were not authorized. (See our related article on telling whether someone else is using your Gmail account .)
Beware the VPN
You may immediately spot a rash of suspicious logins from another location. However, before you conclude that you were hacked, check to see if you’ve been using a virtual private network (VPN ) package to cover your web browsing tracks. VPNs will usually spoof the IP tracing mechanisms of the Internet to make your computer appear to be somewhere (and someone) else; if you’ve had a VPN  running, it may be a little tricky for you to make heads or tails of your session logs.
This is not an argument for not running a VPN , by the way. VPNs definitely add a layer of security to your online sessions. However, be aware that they can complicate efforts to interpret security logs.
Why It’s Important to Check Your Gmail Login History
By the very nature of being a cloud-based email service, Google can’t just automatically block unauthorized IP addresses and devices from logging in to an account. They’d be blocking their legitimate users every time those users changed phones or used a different machine. The only steps they can take are the ones they do take, by flagging potentially suspicious events like mystery logins for your attention.
Most of us don’t change our passwords on a regular basis, if at all, so doing a login history checkup every once in a while is a good way to catch any shenanigans going on with your email. It doesn’t take very long, and better safe than sorry. Besides, even if you change your password regularly, you can’t always know if someone has a keylogger on your computer or some other way of finding out your password. If you find authorized legitimate logins, but from times and dates when you knew you weren’t in Gmail, then perhaps someone has physical access to your machine and is taking advantage.
The best way to keep your Gmail account safe is to regularly check your login history and report devices that shouldn’t have access to the account. The good news is that any new access point is flagged by Gmail. You should receive a notification email almost instantly so that you can take quick action.
Other Security Steps
There are other proactive steps that you can take to increase the security of your Gmail account.
One step is to set up a recovery email and phone number if you haven’t already, an email and a phone number that you know aren’t compromised, so that if worst comes to worst you can take back control of any hacked account. This is simple and easy to do; Google will walk you through the process .
Turn on Gmail’s 2-Step Verification in From Your Computer
Another step is to set up two-step verification on your account. Two-step verification adds another step to the login process. Besides your username and password, you can either have a physical device that you insert into the machine you’re using to validate that it’s you, or you can have Google call you or text you with an authorization code. You can also have Google send a prompt directly to your physical phone of record to verify that it’s you. These steps can be a little bit annoying if you log in frequently, but they make it virtually impossible for someone to hack into your Gmail account without having physically compromised your systems. To set up two-step verification:
- Go to your Google Account .
- On the left navigation panel, click Security.
- On the Signing in to Google panel, click 2-Step Verification.
- Click Get started.
- Follow the steps on the screen.
Turn on Gmail’s 2-Step Verification On Android
- On your Android device, open your device Settings, then tap Google.
- Select Manage Google Account.
- Next, tap Security.
- Select 2-Step Verification under the Signing in to Google menu.
- Tap Get Started and follow the steps on screen.
Set up Back ups
Setting up an account back up is a safety net to still have access into your account in case you forget your password, lose your device, or get locked out from your account for some other reasons. To set up back ups, follow these steps:
- Log in to your Google Account.
- Tap Security
- Tap the 2-Step Verification under the Sign in to Google panel.
- Add at least one of these second steps:
- Authenticator app codes
- Backup codes
- Backup phone