Google really does take your security seriously and has been proving as much with the swathe of increasingly sophisticated protections against cyber attacks it has introduced in recent months. With an estimated 2.5 billion active users, Gmail is one of the main targets for hackers. As reports flood in of the latest session cookie-stealing, two-factor authentication-bypassing cyber attacks against Gmail users, there’s one surprisingly simple defensive action you can take right now to help protect your email. However, you need to do it now, as otherwise it could be too late to help you if you fall victim to a 2FA-bypass Gmail attack: open a second Gmail account and add one rule to protect your data.
Open A Second Gmail Account To Back Up Your Email Data
Imagine waking up to find that your Google account has been hacked and you are now locked out of your Gmail inbox as a result. For far too many people, that nightmare vision is all too real, as hackers employ session cookie-stealing techniques to bypass 2FA protections. Cybercrime agencies quite rightly warn users of online accounts to protect them with 2FA wherever it is available as an option. Google has introduced secure passkey sign-in access across devices and includes safe browsing protections for Chrome users. Yet still the attackers deploy increasingly sophisticated methods to get around those protections including, as I recently reported, tools to bypass even the stringent application-bound encryption process Google has in place to prevent cookie theft.
So, how does opening a second Gmail account help prevent 2FA-bypass cyber attacks? The brutal truth is that it doesn’t. It can, however, help mitigate the impact of such an attack. All the mitigations mentioned in this article still apply, and I heartily recommend that you ensure they are in place before doing anything else.
The impetus to write this article was a question posed in the Gmail subreddit by a Gmail user whose main account had been compromised, despite having 2FA in place, and who wanted to know if setting up a second account could be done without it being compromised by the same threat actor.
Rather than prevent a security compromise, a second Gmail account can act as a backup of the important and often irreplaceable information that your email inbox contains.
How To Securely Set Up A Second Gmail Account
With Google offering Gmail as a totally free web-based email platform, setting up multiple accounts is incredibly easy. I myself have lost count of the number I have, although I only use two or three regularly. The account creation process is as simple as one, two, three:
- Sign out of your Google Account.
- Go to the Google Account sign-in page.
- Click on create account.
To ensure that this new account is as secure as possible, and less likely to be compromised by a threat actor who successfully attacks the original one, use a passkey tied to a different device than the first, or two-factor authentication that uses a standalone 2FA code-generating app rather than SMS codes sent to the same telephone number as before. Indeed, try to use as much completely unique information as possible when creating the new account. Once you have created the account, head to your original Gmail account settings and set up a forwarding rule that sends a copy of all email to the second account. This way you’ll have a backup should the worst happen. Remember, by applying the sensible mitigations detailed in those linked resources and not adopting insecure habits, your account should be safe from attack.
I would also recommend signing all your Gmail accounts up to Google’s advanced account protection programme, which makes it much harder for anyone to compromise your account in the first place and provides additional layers of security when recovering a compromised account.
If someone did manage to hack your original account, and it is forwarding email to your second Gmail account, that doesn’t mean both will be compromised. As these are separate accounts, the hacker would need to compromise them as separate entities. Here’s hoping you never get your Gmail account compromised, but it’s always good to have a plan just in case.