Security: Emails
In this article we are going to discuss ways to keep your email account secure and why it’s important.
The Why
Email accounts are attached to everything we use in our day to day online life. Some of these things hosting accounts, bank accounts, bills, taxes, etc. Lots of the information that comes into our email account can be considered very sensitive information if it were to fall into the wrong hands. Take this basic scenario as an example of why it is important to keep email accounts as secure as possible.
You have a bank account with Example Bank and Trust. They offer online banking and statements. With this online banking, you can transfer funds, apply for credit cards, and more all through their online interface. To log into their account you have to use an email address and a password. Because you read our security guide on passwords and you are using a very long, multi character password, you feel secure. However, what you don’t realize is that someone has gained access to your email account and is now able to reset the banks online password via the “password reset” option they offer. Because Example Bank and Trust emails you the new password, the person who gained access to your email account now has access to your bank’s website.
Now let’s come back out of the gloomy tale and let’s talk about how we could have prevented this.
Passwords
As we outline in our dedicated password article, passwords are the life blood of internet security. If you are not using a secure password for your email account, this could be an easy way for an assailant to gain access to everything you have ever registered for. Make sure you use strong, hard to crack/guess passwords on all of your sites. You should avoid using words as passwords and it should be a mixed set of characters with no less than 10-18 characters in length. It is also HIGHLY recommended that you do not use the same password for different aspects of your site. For example, do not use the same password for bank account login as your email password.
For a more in-depth article about passwords, please click here.
Security Questions
We go into more detail about security questions in our Social Engineering article but here are a few key points. Don’t use security questions that people can get the answers to. There are many ways to get personal information about you making most standard security questions worthless. If given the option, always use custom security questions so that you can put down your own question. It may also be a good idea to adopt some of not using the obvious. For example, you could have two questions but the answers could be reversed. Or you could use random phrases rather than legitimate awnsers.
Either way, if your email provider allows you to use security questions to reset your password, they need to be as secure as your password itself.
For more information about security questions and Social Engineering, please click here.
Private Email Address
Some people like to use a different email address for sensitive information. This email would never be used on public sites like Facebook nor would it be given out to people. Its only purpose is to be used for secure sites such as banks, hosting accounts, tax notices, etc. So long as normal people don’t know about it, and you don’t use it for regular sites, it makes it very difficult for people use this email address when trying to break into your more secure site registrations.
This concludes our article on email security and why it is important. For more articles about security, please click here.
