Every service on the web will ask you for your email address, even when you’re creating a new email account. An email account is always the backup plan for times when you can’t remember your password or can’t access your account, and since that’s the simplest way to confirm your identity, almost every site relies on it. But what if someone hacks into and successfully hijacks your email account? With the current authentication services, a hacker could take over your whole online identity, including every site you care about.
But we don’t want that to happen, so follow these simple tips to transform your email address into the stronghold you need to keep your online identity safe and sound.
1. Avoid using corporate emails or custom domain names as your main email account
Yeah, email@example.com looks much cooler than firstname.lastname@example.org, but it's also much less secure. If you own superfancy.com, you’ll need to keep paying for the domain name forever if you want to keep that account; and if you use a corporate email address, you’ll lose it as soon as you leave the company. Personal and private data shouldn’t ever be anchored to third parties, unless you completely trust them.
Big players such as Google’s Gmail, Yahoo! Mail, and Microsoft’s Outlook aren’t likely to stop providing you with service. And even if they change things around, your account will still be available, like what happened during the transition from Hotmail to Outlook. You should trust these players if you care about your account’s expiration date.
But this doesn’t mean you shouldn’t send mail as email@example.com; just don’t use that account as your primary one. You can send from other email accounts, including firstname.lastname@example.org, from your Gmail, Outlook, or Yahoo! Mail inbox. Check the Email Accounts options for each provider for more information.
2. Create strong passwords
This seems like the most basic tip on security, but we can’t stress enough the importance of strong passwords! If you need more information about this, or need a new tool to store mega-secure passwords for you, check this post: Tip: How to secure and test your passwords.
3. Activate two-step verification for your email account
But what if someone successfully guesses or cracks your password? Two-step verification, or two-factor authentication, is a method used by banks and many big websites that forces people to type in a unique code every time they access their account from a new device. The code is delivered through a special application or by a text message to your phone. This means that even if your credentials are exposed, no one will be able to access your account without also having your phone with them.
Two-step verification protects you not only against password-guessing, but also against other forms of account hijacking. It would have protected Mat Honan, a senior writer at Wired whose Google account, Amazon account, and Apple ID were compromised without the attackers even having to get his password. Why? Because hackers wanted his cool, three-character Twitter username, @mat.
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them in turn get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
4. Check active sessions
Step #3 should be enough to secure your Google or Yahoo! email account, but there’s one more thing you can do. Gmail lets you check your account’s session log to make sure nobody else is accessing your inbox. You can do that in Gmail on the right side of the footer, where it says “Last account activity: X minutes ago. Details”. Are all sessions yours? Is there anyone from another country signing into your account?
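If you'd rather not eyeball the list, the same two questions can be asked in code. This is an added example, not part of the original post and not a Gmail feature: it assumes you have copied the session details into a CSV, and the column names, the sample rows, and the three-hour window are all made up for the illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in a hypothetical format (not Gmail's own):
# sign-in time (UTC), access type, country, IP address (documentation ranges).
SAMPLE_ACTIVITY = """time,access_type,country,ip
2024-03-01T08:02:00,Browser,ES,192.0.2.10
2024-03-01T12:45:00,Mobile,ES,192.0.2.10
2024-03-01T13:30:00,IMAP,RO,198.51.100.7
2024-03-02T09:15:00,Browser,ES,192.0.2.10
2024-03-03T21:40:00,Browser,FR,203.0.113.25
"""

def review_sessions(activity_csv, my_countries, my_access_types,
                    travel_window=timedelta(hours=3)):
    """Return [(row, [reasons])] for sessions the account owner should check."""
    rows = list(csv.DictReader(io.StringIO(activity_csv)))
    for row in rows:
        row["when"] = datetime.fromisoformat(row["time"])
    rows.sort(key=lambda r: r["when"])

    flagged = []
    for i, row in enumerate(rows):
        reasons = []
        if row["country"] not in my_countries:
            reasons.append("sign-in from a country you were not in")
        if row["access_type"] not in my_access_types:
            reasons.append("access type you do not use")
        # Two sign-ins from different countries close together cannot both be you.
        if i > 0:
            prev = rows[i - 1]
            if (prev["country"] != row["country"]
                    and row["when"] - prev["when"] <= travel_window):
                reasons.append("country changed within %s" % travel_window)
        if reasons:
            flagged.append((row, reasons))
    return flagged

if __name__ == "__main__":
    # Assumed owner profile: was in ES and FR, only uses browser and mobile.
    for row, reasons in review_sessions(SAMPLE_ACTIVITY, {"ES", "FR"},
                                        {"Browser", "Mobile"}):
        print(row["time"], row["country"], row["access_type"], "->",
              "; ".join(reasons))
```

Any session it flags is one to sign out of from the same details page, followed by a password change.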
After following these tips your email account should be a true digital stronghold, no matter what devices you use, or even if someone else gets your password. And if your other accounts on other sites across the web are ever compromised, you will always be able to regain access using your super-secure email account. Just don’t forget your phone, or you won’t be able to access your inbox!
Photo: Andrew Becraft (cc)