11 Best Practices to Secure Your Email Account

by Carson

Securing your email account is essential, but it isn't always easy to achieve. We collected a list of 11 best practices to secure your email accounts, so you'll probably be safe rather than sorry.

Table of Contents

  1. Use Strong Passwords
  2. Use Multi-Factor Authentication
  3. Treat Security Questions as Passwords
  4. Look out for Spam
  5. Never Click on Links and Open Attachments
  6. Backup Important Emails
  7. Use a VPN
  8. Use Unpredictable Email Addresses
  9. Never Enter Passwords on Emails
  10. Use Multiple Email Addresses with Different Passwords
  11. Get Ready to be Hacked

So, let’s dive into the issue.

1. Use Strong Passwords

First, review your password and check its strength. If it's something like "123456", "iloveyou", or "password", you must change it immediately. With a password like that, anyone who knows your email address can guess it, log in, view your inbox, steal sensitive information, or even lock you out of the account!

Here are the dos and don’ts for choosing a password:

DOs:

  • Use 12 characters or more
  • Include uppercase and lowercase letters, numbers, and special characters
  • Make it a passphrase
  • Utilize a password manager
  • Regularly search for data breaches
  • Change your passwords regularly only if you're confident that you can create a strong password every time

DON’Ts:

  • Don’t include personal information
  • Don’t use words in a dictionary
  • Don’t use predictable patterns and simple algorithms
  • Don’t extract sentences from songs or poems
  • Don’t store passwords in a regular document or anywhere in sight of a camera
  • Don’t reuse passwords

To view more tips and examples, please go to our password guide.

2. Use Multi-Factor Authentication

To keep your account secure, use multi-factor authentication whenever possible. A login system with multi-factor authentication logs a user in only if the server accepts two or more inputs, each tied to a different authentication method.

For instance, the login system may decide that a password alone is not enough. It will then send a message to your phone containing a one-time verification code that can be used for only one login session.

Although adding any form of authentication enhances your security, SMS is not your best choice. According to a kaspersky.com article, attackers can easily read the codes in lock-screen notifications or use malware to forward the SMS messages to themselves.

As a result, it's better to use an authenticator app to generate one-time passcodes for the connected online account(s). You can also use biometrics, such as your fingerprint, to log in.


3. Treat Security Questions as Passwords

However, login systems are not just about authentication: they should also give you options to recover your account in case you forget your password. Unfortunately, hackers can use these options, too.

They will try to pretend to be you by filling in security questions with common answers. For example, the question "What is your favorite spacecraft?" may lead hackers to fill in "Voyager 1", "Mars Science Laboratory", or "Cassini".

Therefore, when you are asked to fill in security questions, leave them blank if possible. If you can’t, treat them as individual passwords. Follow the password rules above and read the password guide.

4. Look out for Spam

With unauthorized logins blocked, let's go into the email inbox. You still face many threats there, including spam emails.

How do you recognize spam emails? Here are some questions you must ask:

  1. Does it give an unnecessary sense of urgency, such as asking you to verify your personal information?
  2. Does it contain login forms that allow you to enter your password?
  3. Is the sender’s email address legitimate?
  4. Are there generic greetings from organizations that you signed up with?
  5. Are there “facts” that severely misalign with what you know?
  6. Is the request or the promotion in the email “too good to be true”?

If you answered "yes" to any of the questions, delete the email immediately. Moreover, if the email comes from the address of a friend or family member, contact them by another method and ask them to log in. Their email account is likely compromised.


5. Never Click on Links and Open Attachments

Links and attachments are common places to hide malware or phishing pages that can steal your data and passwords. Therefore, never click on links or open attachments in an email unless the sender is legitimate and you expected to receive that email.

Furthermore, if a friend emails you to talk about their daily life, they probably won't include any links or attachments. Even if you're pretty sure the email is genuine, don't click on anything that comes in this type of email. Some phishing scams work by building a relationship first.

Check the Source

Still, some links are worth clicking. If none of the questions above indicates that the email is spam, check the link target. Ensure that no typos appear in the URL and that the website uses HTTPS. Also, try to open the page's source code by adding view-source: before http or https, and check the target once again (if you can read HTML).

Be Aware of Pharming

Even if the target domain is authoritative, there is still one way to attack your accounts through "legitimate" websites: pharming. Pharming means changing the DNS cache or modifying the DNS records on the DNS servers. Even if the user types in the domain correctly by hand, the browser will still go to a malicious page if the corresponding IP address has been tampered with.

If you accidentally click on a phishing link, the outcomes range from having your information stolen to having your computer quickly ruined.

6. Backup Important Emails

Still, you don't want to lose your emails when something awful happens to your account. Therefore, you should back up the emails that contain essential business information or documents.

You can either forward them to another of your email addresses or keep a copy on external drives or cloud servers. All in all, just maintain the safety of the important documents and photos that you can't afford to lose.

7. Use a VPN

If you want to be secure on public networks, use a VPN. It hides your IP address and redirects all submitted user inputs to the VPN server before they go to the actual recipient.

It can also encrypt your message end-to-end, meaning that it's much harder for a hacker on the same network to read the sensitive data you're sending. However, a VPN will not save you from malware, so keep reading the tips.

8. Use Unpredictable Email Addresses

It’s a common practice to use your name in your primary email address, but it’s not the best practice. If you reveal an easy-to-remember address on social media, chances are you’ll get a lot of spam.

Thus, it's better to have an email address that does not contain personal information, or at least none that you have shared on social media. Remember that knowing your address is halfway to logging in, and scammers will always look for an opportunity to target you specifically to steal your information.

9. Never Enter Passwords on Emails

As Google stated:

“Important: Google never asks for your password over email, phone call, or message. Only enter your password at accounts.google.com.”

Google Account Help, n.d.

This is Google’s warning about entering passwords in emails, phone calls, or messages. These guidelines apply to every other organization, too.

Remember not to enter any login credentials in these circumstances. Only submit them when you're sure you are on the official login page of the site. Even so, regularly search for data breaches that may have exposed your usernames and passwords on the dark web.

10. Use Multiple Email Addresses with Different Passwords

Moreover, remember to set up multiple email addresses to improve security. Why does this matter? Firstly, it separates your business, social, and personal accounts, which helps you manage your inboxes and spam emails better.

Additionally, it's best to keep your primary email address anonymous and not reveal it anywhere online. That will reduce spam, although it makes your address harder to remember.

Last but not least, a second email address can also act as a backup if something goes wrong with your primary one. It can be used to notify you of any significant changes to your account, and it will hopefully help you get back in if you forget your password.

11. Get Ready to be Hacked

There is still some chance of being hacked despite all the precautions you may have taken. Consequently, there is one more good practice in this article: get ready to be compromised.

Ask all of the questions below frequently to look for unusual activity in your email account:

  1. Are there emails you didn't send in the "Sent" category?
  2. Are there new devices logged in to the account that you don't recognize?
  3. Has your password been changed without your permission?
  4. Are there other unusual activities on the account?
  5. Has the number of spam emails suddenly increased for no apparent reason?

If one of the answers is "yes", your account has probably been accessed by hackers. Change your password and security questions immediately. Validate your recovery information right away. Do your best to get the hackers out of your account.

Moreover, try to get some inspiration or make up your own sentences. Be prepared to change all your passwords at any moment.

Conclusion

In this article, we introduced 11 best practices for your email account security. There are more tips you can follow, and more to learn as you familiarize yourself with the vocabulary. To do that, please look at the references below.

References and Credits

  1. Bill Minahan. (n.d.). How to Create a Strong Password You Can Remember 2021. Retrieved January 24, 2021, from https://www.anetworks.com/how-to-create-a-strong-password-2021/
  2. Leo A. Notenboom. (2020, March 30). How Do I Choose a Good Password? – Ask Leo!. Retrieved January 24, 2021, from https://askleo.com/how_do_i_choose_a_good_password/
  3. Alex Drozhzhin. (2018, October 16). SMS-based two-factor authentication is not safe — consider these alternative 2FA methods instead – Kaspersky. Retrieved January 24, 2021, from https://usa.kaspersky.com/blog/2fa-practical-guide/16398/
  4. (2020, September 25). What is phishing? How to recognize and avoid phishing scams – Norton. Retrieved January 24, 2021, from https://us.norton.com/internetsecurity-online-scams-what-is-phishing.html
  5. (n.d.). Pharming – What is it and how to prevent it? | Malwarebytes. Retrieved January 24, 2021, from https://www.malwarebytes.com/pharming/
  6. (2020, February 28). Does a VPN protect you on public WIFI? | NordVPN. Retrieved January 24, 2021, from https://nordvpn.com/blog/securing-public-wi-fi/
  7. (2020, June 15). Does a VPN Protect You from Hackers? | CactusVPN. Retrieved January 24, 2021, from https://www.cactusvpn.com/vpn/does-a-vpn-protect-you-from-hackers/
  8. (n.d.). Tips to complete account recovery steps – Google Account Help. Retrieved January 24, 2021, from https://support.google.com/accounts/answer/7299973?hl=en
  9. Rhiannon. (2019, May 21). 4 Reasons to Use Multiple Email Addresses to Protect Your Privacy. Retrieved January 24, 2021, from https://www.hotbot.com/blog/4-reasons-to-use-multiple-email-addresses-to-protect-your-privacy/
