How to Secure Your Email Account Beyond Creating a Good Password
For many of us, writing emails is slowly but surely becoming a tedious task from days gone by. Communicating via instant messaging applications like WhatsApp, Viber, and Skype is much quicker, a lot more convenient, and, in most cases, free. Yet, people aren't rushing to close their email accounts, are they? In fact, while some might not realize it, your main email address is one of the most important online assets you have.
Many of the services that we need to use every day can't be accessed without an account, and frequently, you can't create an account without a valid email. The fact that the email address is associated with your accounts means that it can be used to change your passwords. The email account, then, is almost like the master key to your whole online life. It's important to know how to protect it.
It's not just about the password
In a perfect world, we wouldn't need to remind you how important the password is. We wouldn't need to tell you that it must be long, complex, and unique. Unfortunately, evidence suggests that many people have trouble understanding these seemingly simple rules of thumb. And the excuse that remembering all these passwords is difficult no longer works because people now have access to tools that can do all the work for them. A good password is the foundation of the security of any online asset, but sometimes, even it might not be enough to stop the bad guys from breaking in. Fortunately, there are now more than a few widely adopted mechanisms that often succeed where the password fails.
Repeat after us: Two-factor authentication must be enabled wherever possible
Two-factor authentication (2FA) is the easiest way of ensuring that your password isn't the only line of defense. All major email providers support some form of 2FA, and if you haven't done so already, you should turn it on as soon as possible.
Although it's been with us for some time now, some people still have trouble understanding how it works, and additional confusion might arise from the fact that there are multiple different 2FA systems. In simple terms, a 2FA system requires you to go through one more step in order to complete the authentication process. In most cases, this step involves plugging a special device into your PC or entering a temporary code that is either sent to you or generated by a mobile application.
Some providers offer a choice of several different 2FA systems, and it's important to pick the right one. Two-factor authentication with a U2F token, for example, is much more robust than two-factor authentication via SMS messages. Do some research, check out the options, and choose the right one depending on your needs and threat model. Just remember: an imperfect two-factor authentication is better than no two-factor authentication.
Review the activity on your account
Admittedly, in most cases, the hackers that compromise your email account either embark on a password resetting spree which locks you out of the rest of your profiles, or they use your address for sending spam. Both of these activities are relatively noisy, and you find out that something is wrong fairly quickly. In some cases, however, the crooks remain quiet.
That, among other things, is why most email providers give users an easy way of seeing who has been connected to their email accounts and from where. Again, there are differences between providers, but in most cases, it's in the form of a table that tells you which IPs have been accessing your inbox, when they've done it, their geolocation, and the type(s) of devices used. Needless to say, if you see something you don't recognize, take the appropriate steps to secure your account.
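The review described above can be partly automated. The following added example (not a provider's tool) reads a constructed activity table with the columns the text lists and flags logins from an unfamiliar network or device, plus country changes that happen too quickly to be one person. The CSV layout, the baseline values, and the 8-hour threshold are all assumptions; real providers present this data differently.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample of an account-activity table (documentation IP ranges).
ACTIVITY_CSV = """timestamp,ip,country,device
2024-05-01T08:12:00Z,192.0.2.10,DE,Firefox on Windows
2024-05-01T19:40:00Z,192.0.2.77,DE,Mail app on Android
2024-05-02T03:05:00Z,203.0.113.45,BR,Chrome on Linux
2024-05-02T08:30:00Z,192.0.2.10,DE,Firefox on Windows
"""

# Assumed baseline: what the account owner recognizes as their own.
KNOWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
KNOWN_DEVICES = {"Firefox on Windows", "Mail app on Android"}
MIN_TRAVEL_GAP = timedelta(hours=8)  # assumed threshold for a country change


def review(activity_csv):
    """Return (timestamp, reasons) for each login with something unfamiliar."""
    flagged = []
    previous = None  # (time, country) of the preceding login
    rows = sorted(csv.DictReader(io.StringIO(activity_csv)),
                  key=lambda r: r["timestamp"])
    for row in rows:
        when = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        reasons = []
        if not any(ipaddress.ip_address(row["ip"]) in n for n in KNOWN_NETWORKS):
            reasons.append("unfamiliar network")
        if row["device"] not in KNOWN_DEVICES:
            reasons.append("unfamiliar device")
        if previous and row["country"] != previous[1] \
                and when - previous[0] < MIN_TRAVEL_GAP:
            reasons.append("country changed too quickly")
        if reasons:
            flagged.append((row["timestamp"], reasons))
        previous = (when, row["country"])
    return flagged
```

Note that the last login in the sample comes from a familiar network and device and is flagged only because it follows the foreign one so closely, which is how a quiet intruder shows up next to the owner's normal activity.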
On a desktop computer, you usually access your email either through a browser or via a dedicated email client. On your phone or tablet, it's most likely tied to a mobile application. It's important to keep all this software, as well as your operating system, as up-to-date as possible.
Most users get prompted about updates all the time, and, annoying as it is, there is a very good reason for all the nagging. Security specialists willingly and unwillingly find flaws in all sorts of applications every single day. They disclose their findings to the software vendors who push out updates that plug the security holes. The information eventually becomes publicly available, and it's extremely important to have all the updates installed, and, therefore, all the vulnerabilities patched, before the hackers learn about them.
Don't share your email address unless you really need to
This, of course, doesn't mean that you should keep your email address a secret. Its point is to give people a way of getting in touch with you. At the same time, however, you don't want to be reached by everyone, which is why it pays to limit the number of people and organizations that know it.
A good idea would be to have at least one more email account which you use for things like creating profiles at less important websites and platforms. Ideally, it shouldn't reveal your full name, and you'll only access it when you need to.
The idea is that even if the secondary address gets exposed in some way, you won't really notice the damage. The inbox might be overflowing with spam, but you won't care that much because your primary email is relatively clean.
Up your cybersecurity game
Taking advantage of all the tools technology gives us is important when securing something as valuable as your email account. In the end, however, it will be you who is clicking the mouse and pressing the keys, which means that ultimately, you are the one who needs to be on the alert. Today's cybercriminals have got social engineering down to a fine art, and the confidence tricks they pull off are amazingly clever sometimes. This is why it's more important than ever to take everything you see with a pinch of salt. Don't click every link you find in your inbox and don't open attachments indiscriminately. Always double-check to ensure that everything is as it should be before you enter any usernames, passwords, or 2FA codes.
You must understand that you are responsible for keeping your accounts safe, and the only way to do that is to be aware of the danger and to avoid making the all-too-common mistake of convincing yourself that it won't happen to you.