10 Simple Tips to Secure Your Email Account

It’s tough to get people to pay attention and be serious about their online identity. An Email account is the first and primary component of your online identity and yet it’s the one that is left unguarded the most. Email accounts may be virtual but once hacked, the consequences and damages are very real.

The problem with a hacked email account is the domino effect. All registrations, purchases, renewals, transactions, password reminders etc. are sent to your email inbox. So once the first domino falls, the entire setup falls apart in one fell swoop. After the jump, we’ve rounded up a few tips that can help you secure your email accounts of popular webmail services.

Use a Strong Password

Strong Password

Strong Password

Yes, I know this is what every other tech blogger says every single time. But that has never made people any wiser. Even hackers feel insulted when they come across passwords like “sweetlove123”, “pass@123” and the like. Google is the best when it comes to putting real effort into securing your email account proactively. You can use special characters, numbers, upper and lower case alphabets of almost any length. My Gmail password is between 60 to 80 characters long and my general rule of thumb is to have a password that only the NSA can hack.

Use a reliable Secondary Email Address

Absolutely no Hotmail accounts for secondary fallback email account people. They still have their stone age era email account expiry plan after certain number days of non usage. So if the secondary email address is Hotmail and is expired, anyone create it back again to receive password reset information. And since webmail providers have this peculiar habit of giving all kinds of hints to remind you of the email address where the password recovery link has been sent, use an uncommon, custom domain or corporate email address that is hard to guess and hack into.

Setup SMS Alerts

SMS Alerts

SMS Alerts

Go to your account settings and add your mobile number to receive SMS alerts. Once that’s set up, Google will send you the password reset code whenever somebody tries to reset your password. Alternatively, if you are a smartphone user, you can rely on these SMS alerts and disable password recovery via email altogether. Email accounts are always vulnerable to a hacker from a remote place but your mobile phone is not. Yahoo provides the same feature free too. Hotmail has a similar feature but is not supported in a lot of countries.

Be sensible with your security question

Ok. There’s absolutely no point in having the security question, “My favorite doggy”, and posting pics of you and your poodle with images titled “Rolling with Rosy” on Facebook and Twitter. A lot of personal information is available online, thanks to social networks. On being the weakest links in the email security chain, security questions rank ahead of weak passwords. It’s nice to be an open book but select a question from those stapled pages and blacked out lines.

Check Filters and Forwarding Addresses

In the event of a hack and after reclaiming the account, go through the existing filters to check if there are some sneaky filters set up that forward all your credit card, login info, bank account and other sensitive correspondence to an email address that is not yours. Go to the forwarding page and see that all your incoming mails are not forwarded to the hacker either. This helps you avoid getting hacked in the future too.

Avoid Public WiFi

Happy to have discovered an unsecured WiFi hotspot? Or mooching your neighbour’s spilt WiFi? Enjoying the free WiFi of the coffee shop round the corner? Good for you and so is for the hacker sitting nearby to sniff the packets right out of thin air. Avoid using public WiFi for accessing email or transacting online with a credit card. Casual browsing and YouTube watching (without logging in) are Ok. Accessing emails is a big no, no.

Do not share your login information

Another obvious fact. But at times, it’s necessary for small businesses and online entrepreneurs to share login information with colleagues. For example, accessing Google AdSense, Analytics or Microsoft Live services etc. The ideal solution is to create a dedicated account for accessing these services instead of linking everything to your personal email id and sharing it.

Login regularly

Even if a hacker gets hold of the answer to your security question, they cannot use it immediately to reset the password and break into your Gmail account. Password reset with security question is possible only after 24 hours of your account being inactive after receiving the password reset instructions. So for once, checking your mail regularly is a good thing. Also, it will help reset the Hotmail account’s expiry date. Unfortunately Hotmail and Yahoo do not have this useful restriction in place.

Special Features

Gmail

Enable HTTPS by default from your account settings. This helps from the password getting sniffed when transmitted over public WiFi hot spots. If you are a Google Apps user, enable pre release features to avail the upcoming two factor authentication system before it launches.

Hotmail

Use the Windows Live Essentials package and verify the computer you are using as reliable. “Trusted PC” is a unique new proof that lets you link your Hotmail account with one or more of your personal computers. Then, if you ever need to regain control of your account by resetting your password, you simply have to use the trusted computer and Hotmail will know you are the legitimate owner. It’s a great feature for those who are really paranoid about email security.

Yahoo

Sign In Seal

Sign In Seal

Make use of the sign in seal option to verify the computer. Sign in seal is basically an image or color that Yahoo displays for each of your computers adding another layer of security to the login process.

Avoid Webmail

Still not sure about the safety and security of your email account online? It is totally understandable and I suggest you to take it off the Internet. I mean, partially. Get hold of an ISP and get a POP or IMAP account set up for your email address forgoing the webmail set up. Then use desktop email clients like Outlook or Thunderbird to pull your mails. It will make you feel dated, but is reliable and works effectively too.

Did we miss an important tip or got a better suggestion? Share it with the rest of community in the comments section.


  • http://loneplacebo.com Tony

    On Gmail, you can also check the latest account activity to see if another user is accessing your account (different IP Address or Access type). It’s great also since it allows you to sign out all other sessions if you think someone is accessing your email without authorization.

    This post about Gmail’s forwarding hack was brought to mind when reading this post: http://www.davidairey.com/google-gmail-security-hijack/

  • matthias

    i think you forgot the main security issue! what about email encryption? if you worry about sending your emails in plain text around the network/internet you have to encrypt them!

    • http://www.stravarius.com Justin Stravarius

      None of the webmail providers offer encryption by default and that’s why it did not make the list. It would be nice if Google introduced it!

      • Abby Normal

        hushmail is a webmail that offers encryption as its default method of sending. If you enable java, not even your password is sent over the connection, and you get end-to-end encryption.

  • Ben

    There’s nothing wrong with checking your email or purchasing items on your credit card over free wifi as long as you use SSL….!

  • http://www.chameleondsgn.blogspot.com Chameleon Dsgn

    Thats why I prefer Gmail instead of Hotmail, like Tony says on his comment Gmail allows to watch the lates IP entered your email account.

  • Jeff

    My problem is that i travel a lot, and I’m not always carrying my laptop with me. I don’t have a smartphone yet to download emails.

    Does anyone have a suggestion for us road warriors who use the cloud? Someone suggested i use the webmail that came with my domain. Is that any better secure?

    Thanks for any help.
    Jeff

  • zazie

    s il vous plait je veux mon facebook

  • Jakub

    If you are using android, check my Secure Phone with very nice pkcs11 and smime support

  • KUNDA MPHANDE

    I THINK WE NEED STRONG PROTECTIONG

  • http://www.midave.com May

    Thank you for your article.
    Choosing the right and secure email provider is number one for protecting email address.

theatre-aglow
theatre-aglow
theatre-aglow
theatre-aglow