Google-Gmail Security

Google-Gmail Security: a reader asks…

I recently started having a problem when using Google Chrome and Gmail (I use gmail.com). When composing an email, every word is now underlined like it was misspelled. I looked and saw that the spell check for Chrome was set on Spanish.  I turned off “Spanish” but couldn’t turn on “English” as the spell check language. Can you help? I also use the mail app on both iPhone and iPad to access my Gmail account.

Ok, before I answer the spell check question and just out of an abundance of caution, I’d suggest you change your Google password. It’s possible that someone gained access to your Google/Gmail account and made some changes to see if you’d notice. If you ignore this, such a nefarious person might then change your account password, locking you out of your own account. Hackers will often make small and insignificant changes to a compromised account and then do worse things when they see that the authorized user isn’t paying attention. But first, let’s fix the language issue in Google Chrome:

Fyi, the Google Chrome language and spell check settings are found by clicking the clicking the ellipsis (three vertical dots) at the top-right of the browser window. That opens a menu and you select Settings. That opens a new tab to your settings, which you then scroll to the bottom of the settings page and click the link “Advanced”. That expands the page so you can scroll down to Languages where the language used and the spell check language settings live. Whew! English (United States) should be selected in both the Language and the Spell Check items. Based on your screenshot, your spell check listing has English (but not United States in parentheses), and that option can’t be turned on. So you first need to add that language, and yes, “English” and “English (United States)” are two different languages to Chrome.

So click on Languages to expand the list. Your screenshot shows English, Spanish, and Chinese. To the right of each entry (but not English), is an ellipsis (three dots) – click that for Spanish and then select the Delete menu option. Do the same for Chinese. Now click the Add Languages link, and add English (United States) to the Languages list. Once that’s done, you can go to the Spell Check section underneath, and slide the slider to ON for that language. That will restore spell checking (in the correct language) to your web browser and Gmail.

Now that that’s done, it’s time to to change your Google account password and tighten up your online security. Here’s a list of what you’ll be doing:

1. Pre-emptively change your Google/Gmail password at https://myaccount.google.com/security#signin
2. If you haven’t already, turn on 2-step authentication (either on the same security page or follow the wizard at https://www.google.com/landing/2step/)
3. Also setup a recovery email (different email address) that you can access in case you are ever locked out of your account

First, visit https://myaccount.google.com/security#signin and on the right side you’ll see when your password was last changed. Click on that and you’ll be guided through changing your password. Please use a strong (aka long, over 15 characters) and unique (aka not used anywhere else online) password. You will need to visit your iPhone and iPad settings for the Gmail account (Settings > Accounts & Passwords) to change the password on those devices to the new password (or just check email and you’ll be prompted to input the new password.

Second, on the https://myaccount.google.com/security#signin page the next item below that on your My Account > Sign in & Security is 2-step authentication. I highly recommend you turn this on. Click the entry to get started and follow the on-screen instructions. Once you’ve done this, no one can get access to your account without having access to your text messages (meaning just you now).

For folks who’re used to having to use app-specific passwords for their devices, Google and Apple have finally made this unneeded. The first time your iOS mail, calendar or contacts app accesses your Gmail/Google account you may have to follow the 2-step authentication process to tap in a one-time code, but you won’t have to do this each time you use the mail, contacts or calendar apps.

One other option in the 2-step authentication setup process is to print or save a set of 10 one-time recovery codes. These are handy in case of emergency, such as if you lose your iPhone (and access to text messaging) and need to access your Google account from a computer that hasn’t already been recognized for your use. Print and save them someplace safe.

Third, on the same https://myaccount.google.com/security#signin page, further down the list is Recovery Options. Make sure you have a recovery email and your iPhone phone number recorded there (along with a security question which really won’t be needed anymore). You will probably have to receive and respond to an email to that account to verify that it’s active and you can use it.

With the above three things done, you have taken prudent action to ensure your account can’t be accessed from this point forward by anyone other than you.

If you are worried about if someone else accessed your account before you made those changes, that same security page will let you see what devices (and general geographic area) have accessed your Google account recently. At https://myaccount.google.com/security#signin:

1. Click on the Sign-in & security > Device activity & security events link.
2. Click the Review Devices link. This shows you every computer and device that has access to your Google/Gmail account.
3. If you don’t recognize a device, click on it and then click the red Remove button to remove access to it. If you don’t see a Remove button, that’s because your previous password-changing work made that unnecessary, account access is already reset.

It may very well be that the whole Google Chrome language change was actually caused by something else (such as malware). Again, the above is all out of an abundance of caution, because hackers are tricky/sneaky. If you are at all concerned about malware (and everybody should be), then I recommend you use Malwarebytes Premium anti-malware. Be aware that Malwarebytes updates their program at least every three months, and their virus signature files at least a few times a week. You should always make sure your protection programs are kept up-to-date since out-of-date protection is nearly as bad as not having any protection at all.