Are you protecting the secrets your email account holds?
Almost everyone uses email, and many of us have multiple accounts with various providers: gmail from Google, Outlook mail from Microsoft, an address provided by a school or employer, or perhaps mail through a privately-owned domain. Every online resource for which we establish an account requires inputting an email address as part of the registration process. Most services will authenticate the registrant via the entered email address, ensuring the person registering is a real person and at least implying the same person owns the email address (access doesn’t necessarily mean ownership, after all).
Most applications and services also rely on that same email account to facilitate user access in the event of a forgotten username and password. That’s why protecting one’s access to email is so important–if a person with criminal intent gains access to an email account, they can gain access to bank accounts, credit card accounts, social media accounts, etc., and often with considerable ease. Just consider how easy it is to gain access to a site when you forget one of your passwords and it’s not difficult to understand how easy it would be for someone with access to your email account to do the same.
So how do we better ensure the security of our email accounts? Here are six ideas:
- Make the password on your email account unique. That is, don’t use the password for your email account on any other account. That way if your email account password becomes known, at least the hacker will have to work a little harder to gain access to other online properties. And if it’s the reverse, where a hacker gains access to an account that is not your email, that password cannot be used to gain access to your email account, likely limiting the hacker to that single success.
- Keep your phone secure by limiting access with a fingerprint scan, password or a drawn pattern. This is important for two reasons: a site requiring two-factor authentication would refuse access if only the email account has been compromised and second, most smartphones obviously provide access to email.
- If you access your email account from a public computer, such as at a library or a hotel business center, always do so through a browser’s incognito window (Chrome), inPrivate window (Edge) or Private window (Firefox). That way you can close the browser session when you are done and all traces of your activity (cookies, history, etc) are erased at that workstation, precluding someone that uses the computer after you from accessing your browser session and impersonating you.
- Change the password on your email account frequently. If your password does become known, changing your password frequently shrinks the access window for a hacker.
- Use two-factor authentication if your email provider offers it.
- Be smart about your password choices:
- To the extent your mail service allows, use a complex password consisting of a mix of capital letters, lowercase letters, numbers, and special characters.
- Don’t reuse old passwords and don’t establish a pattern of iterating passwords as you change them (such as incrementing a number at the end of an old password).
Sometimes, despite good security practices, accounts get compromised. In fact, it’s probably a good idea to assume your email account will be compromised and take steps beforehand to limit what a hacker can do if that happens.
- If possible, when you establish an online account, make the username something other than the email address or the name of the mailbox (the part of the email address that appears before the @ symbol). Remember, a hacker needs two pieces of information to successfully access an account: the username and the password. If he has to discover both to gain access to an account, you’ve just made it that much harder for him.
- Consider using a different email address for different types of accounts. For example, you could have an email account you use for registering with social media services be different from the email account you use to conduct online banking. That way if one email account is compromised you limit the hacker’s access to the services that are associated with that email address, preventing access to other online services.