One of the very worst breaches that can happen to you is for an attacker to be able to access your email account. If someone else can access your email, and read the messages you send and receive, and access your contact list and calendar, then they can learn many personal details about you that would make it easier to steal your identity, access other web accounts using the password reset process, or scam you or your contacts by email.
Back on May 4th, cybersecurity investigator Alex Holden reported finding 272.3 million email credentials online. In reality, once duplicates were removed, this was “only” 57 million unique user accounts. And the majority of the credentials were for mail.ru accounts. Mail.ru is the most popular email service in Russia, so for most of us this is not an issue. But there were still tens of millions of user credentials from Google, Yahoo, and Microsoft email services.
If you have an account with Google, Yahoo, or Microsoft, you might want to take this opportunity to change your password. If your email account was actually breached, you may get an email from your service provider confirming that fact.
My advice on email account security is this:
- Your email account needs a unique password that is never shared with any other account.
- Your password should be long: 12 characters or more.
- Your password should be complex. You should use a mixture of UPPER case, lower case, num83r2, and $ymb#!s (symbols).
- Use two-factor authentication such as Google Authenticator.
- Set up an alternate recovery email account with your email service.
- Set up a phone number for SMS recovery codes.
- Set up secret questions and answers for recovery purposes.
- Use a password management system such as LastPass or Dashlane.
Securing your email account is one of the most important ways you can protect your digital life. Don’t put this off. If your email password does not pass muster, fix it today.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com