Your data is valuable and sensitive. This is especially true for your email account, which contains personal and professional emails, bank correspondence, CVs, and plenty of receipts. Using the contents of your email account, one could easily reconstruct your entire life.
Additionally, somebody with access to your email account could use it to:
- Reset your passwords with other platforms and gain access to more accounts
- Impersonate you in your correspondence with colleagues and friends and cause irreparable financial or reputational damage to you and your company.
Your email account should receive the most care of all your accounts. Without a secure email account, no other accounts are secure. Here’s how you can make sure your email is safe.
#1 Set a good password for your device
Your email may be stored on your computer, alongside the credentials to log in, meaning that anyone with access to your computer may have the ability to access your email.
Luckily, this is limited to those with physical access to the computer (and not hackers on the internet), but in case you lose your phone or computer or have it stolen, you should spare yourself the additional headache of losing control of your email.
Any computer or phone will make it easy for you to set a password. Go to your device’s settings and set a strong yet memorable password. You’ll enter it every time you start up your device or install software, so you’ll remember it easily.
This password is supposed to protect against physical intruders, so don’t write it down on the bottom of your device, or on a note in your drawer.
If you are afraid you might forget the password, possibly because you use the device rarely:
- Store a note with the password in a different, secure location
- Use a password manager on a device you regularly use
- Test the strength of the password as an attacker may use machines to guess millions of common passwords at a time
#2 Encrypt your hard drive
Your password gives access to your computer, but unless your hard drive is encrypted, anybody with access to your machine could copy your hard drive or remove it from the computer and read your emails.
Most modern laptops will encrypt the drive automatically. On Windows, check whether BitLocker is enabled; on macOS, check FileVault. iOS always has this feature enabled by default, and on Android you can check in the phone settings. On Linux, such features can be enabled, too.
#3 Use a password manager
Remembering passwords can be a difficult task, especially given the dozens (or even hundreds) of online shops, social media sites, or forums we may have signed up for. Reusing passwords across different services is an absolute taboo: it makes it easy to phish (fraudulently obtain) your password, and if any of the services you use is breached or run by a malicious administrator, all your other accounts are instantly compromised.
With a password manager, you no longer have to:
- Think of new passwords for your accounts
- Remember which email you used for which account
It can even store extra information such as encryption keys or recovery phrases.
Some password managers can autofill your login pages so you’ll only ever have to click the login field, and they will automatically create a safe password and store it for you when you sign up for a new service.
The only passwords you’ll ever have to remember are the password to your computer and the password to your password manager.
#4 Use two-factor authentication
Even when using a password manager, there is still a minor chance somebody will obtain your password, for example, by directing you to a phishing site (a fake but convincing site where you enter your password). Also, somebody who hacks the password database of the service you use might be able to get your password and log into your account.
To prevent this, use two-factor authentication (2FA). 2FA means you use two different types of credentials, usually:
- The password
- Something you have in your possession
The ‘something’ is usually your phone (using SMS or an authenticator app) or a specialized encryption key you carry with you.
○ SMS
- The most common type of 2FA is SMS. You give your phone number to the email service you use, and every time you log in from a new device you are sent a one-time password by text message. This makes it a lot harder for anyone to take over your account, because they not only need to know your password but also be in possession of your phone.
- Of all the options, SMS is by far the least secure. Some mobile phone providers (especially in the United States) make it easy for anyone to fraudulently take over your phone number, while in other countries (such as China) the government has access to your text messages.
○ Authenticator App
- An authenticator app is an app you install on your phone that creates a new code every minute. This code is tied to the site or app with which you want to authenticate yourself. Unlike the SMS option, it also works if you don’t have cell phone reception, and nobody can intercept your codes.
○ Hardware token
- The strongest method of two-factor authentication is a hardware token, such as a FIDO U2F key. This open standard lets you carry an encryption key on your keychain, which you slide into your USB port or hold against your NFC antenna to authenticate. Unlike other two-factor options, a hardware token can also verify the identity of the service you are logging in to, effectively protecting you from phishing attacks.
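To show what an authenticator app actually does when it "creates a new code", here is an added example (not code from the original post) of the TOTP algorithm such apps implement (RFC 6238 on top of HOTP, RFC 4226), together with the server-side check that tolerates a little clock drift. The secret below is the published RFC test secret, not a real account key.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Base32 form of the RFC 4226/6238 test secret b"12345678901234567890".
# A real authenticator gets its secret from the QR code / setup key that
# the service shows once at enrollment; never reuse this demo value.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    then 'dynamic truncation' to a 31-bit integer, reduced to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None,
         step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the current 30-second window.
    Both the phone and the service derive it locally; nothing is sent
    over the air, which is why it works without reception."""
    secret = base64.b32decode(secret_b32.upper())
    t = int(time.time()) if at is None else at
    return hotp(secret, t // step, digits)


def verify_totp(secret_b32: str, code: str, at: Optional[int] = None,
                step: int = 30, skew: int = 1) -> bool:
    """Server-side check: accept the current window and +/- `skew`
    neighbouring windows for clock drift; compare in constant time so the
    check itself does not leak which digits matched."""
    t = int(time.time()) if at is None else at
    return any(
        hmac.compare_digest(totp(secret_b32, at=t + d * step, step=step), code)
        for d in range(-skew, skew + 1)
    )


if __name__ == "__main__":
    print("current code:", totp(DEMO_SECRET_B32))
```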
#5 Take care of backup codes
The majority of your work securing your account is now done. Many providers allow you to create backup codes for the case that you lose your phone or don’t have your hardware token at hand. That’s a great feature, but be careful with where you store these codes. If you leave them on your desk, anybody who walks past might be able to use them to get into your account. Best to put them in a safe!
#6 Review apps and connected devices
Before you log out of your account, review the list of connected apps and devices. If there is an app you don’t recognize, or you aren’t sure whether it is yours, it’s best to disconnect it! Worst case, you’ll have to grant it permission again on the next login.
Now that you have a secure email account, it’s time to give other accounts the same treatment. Since your computer now has a good password and you are using a password manager, start with:
- Changing your passwords on your accounts
- Enabling two-factor authentication
- Reviewing the connected apps and devices
By following these simple steps diligently, you’re now pretty much unhackable.