In today’s digital age, much of your virtual presence is connected to your email account. Your financial accounts, medical accounts, e-commerce accounts, etc. all require your email address. If your email account were hacked, the passwords to all of your digital accounts could easily be reset using your email. This could lead to financial loss, identity theft and a damaged reputation.
So, what can you do to protect your email account?
Create a strong password
Gone are the days when password1 was a sufficient password for your email. While it’s easy to remember, you’ll likely be hacked within 30 seconds. Surprisingly, it’s #9 on the top 10 most common passwords used in 2019 (OMG!). Your email password should be at least 20 characters long and contain lowercase letters, uppercase letters, and symbols. If you can make it longer, do it. Use a password generator to create randomized passwords. LastPass offers a free password generator on their website. Never use the same password twice.
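To show what a password generator does under the hood, here is a short Python sketch added as an illustration; it is not code from LastPass or any other tool named in this article. The function names are hypothetical, the denylist is a constructed sample holding the two weak passwords mentioned on this page, and including digits in the alphabet is an assumption beyond the three character types listed above.

```python
import math
import secrets
import string

MIN_LENGTH = 20  # minimum length recommended in the article
SYMBOLS = string.punctuation
# Assumption: digits are included too; the article names lowercase, uppercase and symbols.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + SYMBOLS
# Constructed sample denylist: the two weak passwords the article mentions.
COMMON_PASSWORDS = {"password1", "123456"}


def meets_policy(password: str) -> bool:
    """Check the denylist, the minimum length and the three required character types."""
    if password.lower() in COMMON_PASSWORDS or len(password) < MIN_LENGTH:
        return False
    return (
        any(c in string.ascii_lowercase for c in password)
        and any(c in string.ascii_uppercase for c in password)
        and any(c in SYMBOLS for c in password)
    )


def generate_password(length: int = MIN_LENGTH) -> str:
    """Return a random password that satisfies meets_policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets.choice draws from the operating system's CSPRNG, unlike random.choice.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: retry rather than patch characters in,
        # so every compliant password stays equally likely.
        if meets_policy(candidate):
            return candidate


def entropy_bits(length: int = MIN_LENGTH) -> float:
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(), f"(~{entropy_bits():.0f} bits)")
```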
Use a password manager
It’s 2019 and by now you probably have at least two dozen online accounts. In 2018, over 2.5 billion user accounts were hacked. Oftentimes, this is caused by the same password being used on multiple accounts (e.g. using the same login credentials for Facebook and Twitter).
Okay, you’re probably thinking, “I can’t remember unique passwords for so many accounts”. Well, you’re right. It would be impossible, especially when you get into the hundreds. The solution: rely on a password manager to help. With a password manager, you just need to remember one password (and make it strong). I recommend 1Password or LastPass. Both are top-notch services, have multiple layers of security and work on Mac, PC, mobile, and any major web browser. You can even set up an account for the whole family and securely share login credentials.
23.2 million accounts use “123456” as a password
How hackable is your password?, CNN Business
Enable two-factor authentication
Two-Factor Authentication (2FA) is an additional layer of security that helps protect your email account (and other digital accounts) in the event your username and password are compromised. With 2FA, a hacker is deterred from accessing your email account even if he/she gains access to your username and password. With most email service providers, there are a number of options for setting up 2FA.
- SMS – A text message containing a code will be sent from your email provider after you enter your username and password.
- Authentication App – You can install an authentication app on your phone and use a unique code each time you sign in to your email account. Authy and Duo are 2 free options.
- Phone call – Like a text message, some email providers can call you with a unique code each time you sign in.
- Hardware – A security device that plugs into your computer’s USB port or taps against your mobile device. This security key allows you to use 2FA without generating a code. Yubico is one example.
Of the four 2FA options listed above, we recommend an authentication app. More often than not, you have your phone or tablet with you when you need to access a protected account. The same cannot be said for a hardware security device, like a Yubico, which you may not have on you at all times. Both SMS and phone call authentication are susceptible to SIM hacking and should only be used if they are the only option. SIM hacking is when a hacker ports your mobile phone’s SIM card to their phone and uses it to 2FA into your account. A hacker can easily call your mobile phone provider and pretend to be you using personal information they’ve collected. Back in September of this year, Jack Dorsey’s Twitter account was compromised through SIM hacking. As a result, Twitter now offers an alternative 2FA option using an authenticator app.
Sign out of public devices
If you’re using a public computer or a computer that isn’t yours, I highly recommend that you log out of your email after use. This is a quick way to protect your account. It ensures you don’t leave the door to your email wide open to the next user.
Keep in mind that there is no foolproof way to prevent a hacker from compromising your account, but these simple steps will help ward off the bad guys. You can also use these steps beyond email. Enable 2FA on any digital account that offers it. This extra layer of security will keep your mind at ease. You can also check to see if your email address has ever been part of a data breach by using Troy Hunt’s free tool, HaveIBeenPwned.
If you’re interested in getting early access to Memo to help us test, iterate and provide real user feedback so that we build something you’ll truly love and trust, we welcome you with open 🤗
If any of the information in this article is inaccurate or you have a copyright complaint, please email privacy@joylabs.com.
Featured photo by Kaitlyn Baker on Unsplash