Here are some great tips for Gmail account security from the Gmail Blog. I think the last one is really important. There have been numerous cases in the media recently about free email accounts being compromised using "security questions". At the very least, make sure you have a reliable backup email account listed for password recovery.
Gmail account security tips:
"Posted by Sarah Price, Online Operations Strategist
As part of National Cyber Security Awareness Month, we recently posted about how to pick a smart password. Having a strong password goes a long way in helping to protect your data, but there are a number of additional steps you can take to help you keep your Gmail account secure:
1. Remember to sign out. Especially when using a public computer, be careful to sign out of your Google account when you're finished. Just click the 'Sign out' link at the top right corner of your inbox. If you're using a public or shared computer and want to be extra thorough, you can also clear the browser's cache, cookies and history. Then, completely close the browser. On your personal computer, you can also lock your computer with a password-protected screensaver if you need to step away momentarily. Learn the best ways to lock your screen in Windows or in Mac OS X. Forgot to sign out? Open up a new Gmail session on another computer and use Gmail's remote sign out feature to close any sessions that might still be open elsewhere.
2. Be careful about sending certain sensitive information via email. Once you send an email, you're no longer in control of the information it contains. The recipients, if they so choose, could forward the email or post its contents in a public place. Even if you know and trust the people you're emailing, that information may become exposed if their accounts become compromised or they get a virus on their machines. As a rule of thumb, should you need to provide a credit card number or financial account number to respond to a message, provide it over the phone or in person — not over email. And never share your password with anyone. Google does not email you to ask you for your password, your social security number, or other personal information — so don't send it!
3. Enable 'Always use HTTPS.' Any time you visit a webpage, your computer needs to send and receive information across the Internet. HTTPS is used to encrypt data as it is transmitted between computers on the Internet, so look for the 'https' in the URL bar of your browser to indicate that the connection between your computer and Gmail's servers is encrypted. We use HTTPS on the Gmail login page, and you can choose to protect your entire Gmail session with HTTPS as well. HTTPS can make your mail slower, so we let you make the choice for yourself. Open Settings and choose 'Always use HTTPS' on the General tab if you want to turn it on.
4. Be wary of unexpected attachments. To help protect you from viruses and malware, Gmail automatically scans every attachment when it's delivered to you, and again each time you open a message. Attachments you send are also scanned. That said, no system is foolproof, so if you happen to get an email from a friend with an attachment you didn't expect, don't be afraid to ask the sender what it is before you decide whether to open it.
5. Make sure your account recovery information is up-to-date. Your account recovery information helps you regain access to your account if you ever forget your password, or if someone gains access to your account without your permission. We currently offer several paths to account recovery. Every Gmail user must select a security question and answer — be sure to choose a combination that is easy for you to remember, but hard for others to guess or come across by investigating. Don't choose a question like "What is my favorite color?" as others may easily guess the answer. We also encourage you to provide a secondary email address and/or a mobile phone number, so we can send you a link to reset your password if you lose access to your account.