7 Steps For Securing Your Email Account

If you are using Gmail, Yahoo Mail, or any flavor of Microsoft mail (Outlook.com, MSN, Hotmail, etc.), there are additional steps you should take to make sure not only that your email is secure, but that if your account is hijacked and taken over by bad actors on the web, you can recover it with a minimum of inconvenience.  Here are the steps:

  1. Create a strong password that is unique to your email account.  We recommend to our clients that the password be ten characters or more, and that it is not reused on any other site: your email account can reset the passwords of most of your other accounts, so a password leaked from any one of them must never also open your mailbox.  See my earlier post on Passwords for more instruction.
  2. Do not save your email password in your browser.  First, if you rely on the browser to remember it and then forget it yourself, resetting the password and recovering the account will be much more difficult.  Second, if your computer is lost or stolen, or someone else uses it, your email is available to them without a password at all.
  3. Enable two-factor authentication (2FA).  This extra step makes logging into your account a bit more difficult, but it is worth it: a guessed or stolen password alone is no longer enough to get in.  The big three email providers all support smartphone authenticator apps that make using 2FA a snap, and a code generated on the phone is harder for an attacker to intercept than one sent by text message.
  4. Create a second email account, and enter its address in your primary account's settings as the recovery address where password reset information is sent if your primary account is hijacked and its password changed.  Protect that second account the same way; it is only as useful as it is secure.
  5. If you have a phone capable of text messaging, set its number up as another place that password reset information can be sent to you.
  6. If available, set up your secret questions and answers, in case you need them to recover your account.  Treat the answers like passwords: do not use facts that can be found on your social media profiles or in public records, and keep a record of the answers you chose somewhere safe.
  7. Enable encryption if it is available.  Unencrypted email travels across the Internet in readable form and can be read by anyone who intercepts it.  The encryption your provider offers (HTTPS for webmail, and TLS for the IMAP, POP and SMTP connections used by a mail program) protects the connection between you and the provider, so a snooper on public Wi-Fi or elsewhere along the path sees only scrambled data.  It does not hide your mail from the provider itself, and it does not guarantee the message stays encrypted all the way to the recipient; for that you need end-to-end encryption such as S/MIME or PGP, which both sender and recipient must set up.

I have had many opportunities to work with clients who, for one reason or another, have had their email account password lost or changed without their knowledge.  If you cannot prove to the email service provider that you are the legitimate owner of the account, you may be unable to get it back, and will be left with no option but to create a new one.
Here are some links to articles on Sophos that go into specific steps for select email service providers.

While you are at it, you might as well do the same thing for your Facebook, Twitter, and LinkedIn accounts.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
