By Andrew E.
How to protect your email account from getting hacked or phished
Equifax. Target. Uber. LinkedIn. Yahoo. If there is one thing we have all learned, it is that nothing is safe these days. These companies – and others – clearly cannot be counted on to safeguard you from the dangers of hackers. In 2016 alone, over 4 billion data records were stolen across the world.
Your email account should be treated as one of the most closely guarded personal effects in your life. What would happen if your email account were compromised and the escrow money or social security numbers your clients had entrusted to you vanished because you clicked on a suspect email link? That is a scenario none of us want.
To help safeguard you, and the interests of those you represent, use these five stages of email password security to protect your email account.
Level #1: “Uh, duh.”
The first stage is all about covering the basic best practices of email security.
Don’t use “password,” abcdefg or 1234567 as your email password
The best thing you can do today is to stop using things like “password,” abcdefg or 1234567 as your email passwords. According to Betterbuys.com, a hacker can crack these types of passwords and compromise your account in just 0.29 milliseconds.
0.29 Milliseconds: The amount of time it takes a hacker to crack a generic password.
Don’t believe me? Betterbuys.com has this nifty tool you can use to test the strength of your password (don’t worry, they don’t keep the passwords).
Use at least 12 characters when creating a password
The longer your password, the longer it takes hackers to crack your accounts and access sensitive information. On average, passwords with at least 12 characters can potentially take two centuries to crack.
Use lowercase, uppercase, numeric and special characters
How you construct your password is just as important as its character count. The more thought you put into how your passwords are constructed, the more time it can take hackers to crack your account.
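An added example, not part of the original article: a rough estimator for the three rules above (avoid common passwords, use at least 12 characters, mix character classes). The denylist, the guess rate and all function names are assumptions made for illustration, and the figure is an upper bound on brute-force effort, not a prediction for human-chosen passwords.

```python
import math
import string

# Constructed sample denylist; a real check would use a large breached-password list.
COMMON_PASSWORDS = {"password", "abcdefg", "1234567"}

# Assumed attacker speed, for illustration only (guesses per second).
ASSUMED_GUESSES_PER_SECOND = 1e10


def charset_size(password: str) -> int:
    """Size of the alphabet implied by the character classes actually used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def search_space_bits(password: str) -> float:
    """Upper bound on brute-force work in bits: length * log2(alphabet size)."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # dictionary attacks try these first, so length is irrelevant
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def years_to_exhaust(password: str,
                     rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate of this length and alphabet."""
    return 2 ** search_space_bits(password) / rate / (365 * 24 * 3600)


def meets_page_advice(password: str) -> bool:
    """At least 12 characters, all four classes, and not on the denylist."""
    return (len(password) >= 12
            and charset_size(password) == 94
            and password.lower() not in COMMON_PASSWORDS)
```

Each extra character multiplies the search space by the alphabet size, which is why length and character mix compound rather than add.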
Level #2: “So you’re telling me there’s a chance.” – Lloyd Christmas
Even with a strong password, your chances of being compromised are still high. Hackers and phishers use a variety of programs and tactics to bilk people out of their personal information and other valuables (Mr. Robot, anyone?).
Stage two is about adding extra protection.
Use two-factor verification
The short version: when you use two-factor verification, someone who has your password should not be able to log in to your account(s) without first entering a security code sent via SMS text or provided by an authentication app. The thinking behind this is “prove you are who you say you are,” especially if you are attempting to log in from a new phone or laptop.
Increase your phishing detection skills
Phishing occurs when a nefarious entity poses as a legitimate company. Their end goal: tricking you into providing sensitive personal information, erroneously sending them money, and the list goes on.
To help you get better at recognizing fake websites and not giving up the proverbial farm, LifeHacker has some great tips, tricks, and tools you can use to protect yourself from phishing attempts.
Level #3: “That’s interesting, man.” – The Dude
Proactively monitoring your email account can be a great tool for keeping yourself safe and it is easy to set up. At this stage, it is all about keeping yourself informed about what is going on with your account(s) and making sure nothing funny is going on.
Turn on recent event monitoring
If you use notification messages for any apps on your smartphone or tablet, recent event notifications work in a similar way. This type of security helps you to know the exact time, place, and device that was used each time to access your account. Each email provider has different ways of customizing this type of security, so check with your email provider which options are available. I use both email and text notifications for my Gmail account to make sure I am not potentially missing out on any suspicious activity.
Level #4: “I’m putting it in the vault.” – Jerry Seinfeld
With the new layers of security for your email account (and, hopefully, your other important accounts) it can feel overwhelming trying to manage all the new changes. Fortunately, there’s an app for that.
Invest in a password manager vault app
It may seem counterproductive after stage one, but using a highly encrypted third-party solution to manage all of your passwords can be a lifesaver for both your sanity and your time. The concept is simple: enter your login credentials for each account and use the vault as your single source of truth for managing all your accounts, including your email account.
There are a lot of great options out on the market. To help you pick the one that is the best fit for you, LifeHacker has put together a great article highlighting the top five options ranked by consumers (I use LastPass).
Level #5: “You will lose.” – Ivan Drago
This stage is not for the faint of heart. If you want to have the highest level of protection against hacking, then read on.
Invest in a YubiKey
A YubiKey is the ultimate last line of defense in email security. It is a small thumb drive about the size of a quarter that fits on your keychain and acts as a physical password vault. Translation: if you do not stick the YubiKey into your device, you cannot access your email account.
You might be skeptical, but I can personally attest that this is one of my top three best personal investments of 2017. After experiencing my email account being hacked this year, I swore never to let it happen again, thus stumbling upon YubiKey. You can also have multiple YubiKeys tied to your accounts, so, just like your keys, if one happens to get misplaced, you can use a spare until finding your primary one. There is a variety of YubiKey options, so choose the one that best fits your needs.