This week we’re talking about… Gmail woes

Free email accounts sound like a no-brainer, but should everyone be using them?

Do you use Gmail? Until recently, you may not have realised quite how many high profile people are using Gmail – a free service that is ad supported – instead of an official email system.

Remember all those emails that kept surfacing during the US presidential campaign, leaked by Wikileaks and pushed out on Twitter? They appeared to come from the private Gmail account of John Podesta, Hillary Clinton's former campaign manager, who is probably regretting the day he clicked on the spear phishing link that compromised his account.

Closer to home, there was the revelation that the Garda Commissioner Nóirín O’Sullivan was using a Gmail account for Garda business because the restrictions on the internal email system meant it was easier to send and receive large attachments through Google’s service.

According to Ms O'Sullivan, there was no evidence that security has been compromised through the use of the Gmail account. But that might be immaterial. According to members of the Policing Authority, Garda policy states commercial email providers should not be used.


Why is Gmail so popular?

Well, first of all it's free. Second of all, it has a huge storage capacity. You get 15GB of storage space that is split between your Google services. If you only use Gmail, that's a lot of messages you can keep before you have to start deleting things. If you use Google Drive too, that will eat into your storage space, but it's cheap to add extra storage to your account, and if you buy Google products such as a Chromebook, you'll automatically expand that storage even further.

In short: it’s simple to use, it’s generally free and it works.

So why the big fuss about using Gmail then?

It all revolves around control. There’s no guarantee that an office email system is any more secure than Google’s webmail, but there’s a few things that should be considered. First of all, the IT people within your office probably feel they have more control over an office-based email system than one that is being overseen by Google-on-high. There may be security policies in place to ensure that you have to change your password regularly, for example.

Using third party system become a problem when you take into account that there may be requests from governments about information that tech companies hold on users. We all remember the

Secondly, there are ads to consider. If the service is free then you are the product. Most of us are fine with that. We use Facebook without a second thought, handing over all sorts of information in exchange for the perfect platform for duck-face selfies and humble brags (though to find out how to limit how much you give away, see here). Have you ever noticed though that when you use Gmail, you get served ads that may spookily reflect the content of the emails you've just been reading. That's because Google scans keywords in your email and uses what it finds to deliver personalised ads to you based on your interests and location. Exactly what ads Ms O'Sullivan got has sparked some curiosity.

Essentially, Google's terms of service – which you agree to when you sign up to Gmail – gives the company rights over data sent via its services. That's a bit disturbing when you think what could have been sent by Garda officials. More on that here.

So should I just shut down my Gmail account?

If you don't like the idea that a third party – ie Google – has access to the content of your email, then by all means go ahead. But unless you have the skills to set up and maintain your own email server, a la Hillary Clinton, then you'll have to rely on someone somewhere down the line to manage your mail.

Other options, like WhatsApp which offers end to end encryption for messages, relies on others using the same services, so it’s not practical for work purposes.

It's either that or start communicating via snail mail again. And even then you'll have to hand your letter over to An Post to deliver, so again, we're back to that pesky third-party problem again.

Most people’s communications are hardly likely to be of the same security level as the Garda Commissioner’s. If your emails are mainly to and from your parents and friends about family plans and catching up, it’s unlikely that there’s anything in there that would spark a security alert.

However, it doesn’t hurt to make it as difficult as possible for anyone else to view the contents of your mailbox.

What should I do to keep my password safe?

Follow the basic security advice that experts are continually pushing. In case you missed it:

Use a strong password:

Don’t use an obvious password – your name or date of birth, for example. It’s best to use a mixture of letters and numbers, with the odd capital letter and symbol thrown in for good measure.

Never reuse your passwords:

If you use a password on your mail account, don’t use the same one elsewhere, on social networking sites or for online shopping, for example. If another site gets hacked, your login details may be exposed, and that could compromise other services.

Change your passwords regularly:

Yes, it’s a pain, and we complain often enough when work security policies force us to change our passwords on a regular basis. But if you want to make sure that your email account is protected, it’s probably a good idea to change the password occasionally. That way if the worst happens and your details are compromised without your knowledge, there’s no danger of something popping up in a year or so to take you by surprise.

Implement two-factor authentication:

Gmail, like other services, offers two-factor authentication. That means you have to have something you know, like your password, and also a randomly generated code to log into your account. Without one of these, you won’t be able to get into your email account. In Gmail’s case, you can get a code delivered via text, voice call or its mobile app. If you are using Gmail on a computer, you can also create a security key on a USB stick that you can bring with you.

Once you sign in at a new location, you can tell Google not to ask you for a code for that particular machine again – provided you trust it, that is.

How can I tell if someone has been in my email account?

Google will occasionally send you an email to let you know if it has blocked a suspicious sign-in attempt, but what if someone has your password? Apart from changing your password immediately, you can also find out exactly where the sign-in has come from, as long as you still have access to your account. Log in to your Gmail account and scroll down to the bottom of the page. You should see a link for “Last account activity” at the very bottom. Click on that and it will show you where all the recent log ins to your account have come from, and if any are still signed in. That information will include the access type – browser, mail programme, etc – a location with an IP address and how long ago the activity was logged.