5 steps to lock your webmail account – Naked Security


For most people, webmail is their primary personal account – used for everything from keeping in touch with friends and relatives to dealing with banks, government, shopping sites, and other online services.

The ‘Big 3’ are Google’s Gmail, Yahoo! Mail and Outlook.com from Microsoft (formerly Hotmail), and even two years ago they were estimated to share over a billion users.

Webmail is a prime target for cyber crooks, so it’s critical that we keep all of our accounts as safe and secure as possible. Here are some of the most important steps to prevent unwanted people from accessing your account.

1. Secure your password

The password is the basic standard of authentication, and by now we should all understand the importance of choosing a good one, of making it difficult to guess and crack, and of not reusing it elsewhere.

Password managers can help, but your primary webmail account might just be one that you keep in your own memory. You can write down your password, just be sure to keep the written copy in a safe place. Whatever you do, avoid the old post-it favorite on the side of your screen.

Don’t share it with social media sites – LinkedIn likes to offer you “easy” ways to upload your contact lists and other data to their systems, often for their own benefit as well as yours, and will try to persuade you to give them your password to get in. Just say no to such kind offers.

Learn to spot and avoid phishing attempts, and when entering your password through a browser, make sure you’re on the correct site with https enabled. Password managers can help you because they will refuse to enter your password if you are not on the right site.

Finally, make sure your password recovery/reset options are safe. You need your secondary email address or phone number to be as secure as possible, so ideally use a business email account (as long as you trust the security awareness of the IT admins at your workplace) and a personal cell phone number that you have access to.

Another common reset option is a “security question”. Make sure the answer you choose isn’t easy to find – your mother’s maiden name and your first school aren’t secrets, and even your first pet’s name or your favorite type of pie can be easily found by digging through your social media posts. Ideally, make your answer an absurd passphrase that could never be guessed. Store it in a secure form, such as a note in a password manager, if you can’t remember it easily.

2. Strengthen your login with 2-factor authentication

Any decent provider should offer options for two-factor authentication (2FA). They sometimes call it “2-step verification”, or in the case of Yahoo! Mail, “second sign-in verification”.

Adding a second factor to the authentication process adds a much bigger hurdle for hackers to overcome. If they get your password somehow, they’re still no better off if you’ve enabled 2FA and they don’t have access to your secondary codes.

You can ask your email provider to send a one-time code in the form of a text or voice message every time you try to log into your account. If you do not have a mobile phone to which verification numbers can be texted, in some systems you can use a landline to receive codes as automated voicemail messages.

Some providers also offer the option of using a code generation device or application to provide codes. Google’s Authenticator app is supported by both Gmail and Outlook.com – the app is available for most mobile platforms and also supports other services including Dropbox, Evernote, Facebook, Tumblr, WordPress and several password managers.

One of the main advantages of the authenticator app or a standalone code generation dongle is that you can get codes even when you don’t have access to a telephone network or want to avoid phone charges. Google’s app has had its ups and downs in the past, but it’s generally reliable and easy to use.

To avoid the hassle of always needing a code, you can usually tell your webmail provider to trust a given computer once the initial code has been entered; future logins from this machine will then only require your usual password.

For devices and platforms that cannot manage a secondary code, such as email applications on mobile devices or email client programs like Outlook or Thunderbird, unique access codes can be generated and used instead of your normal password. You should be able to generate a list of unique codes which can be used if you lose your phone or get disconnected. Print them out and keep them in a safe place. Or, you can paste them into a file and strongly encrypt it.

3. Secure the devices you use to access webmail

You need to make sure that your “trusted” devices are worth that trust. Keep your computers and mobiles well protected against malware intrusion, with quality security software that is properly configured and kept up to date.

Keep your operating system and all other software fully patched and up to date too, because you never know what routes may become available for bad guys to penetrate your defenses.

Also make sure you have a screen lock and that it is active whenever you leave your computer for more than a few moments or whenever your phone goes to sleep. Use the strongest passwords you can manage for both logging in to your computer and locking your mobile screen, and protect those passwords as well.

Avoid using public machines to access your mail where possible. If you need to log in from an internet cafe or hotel, be extra careful: first make sure 2FA is turned on, and consider changing your password once you are safely back.

If you are using a trusted machine but an unknown connection, like public wifi at an airport or coffee shop, consider using a VPN system to connect to the internet through a secure tunnel – a range of online services are available, or you can even run your own VPN and connect securely through your own home, wherever you are.

4. Check your settings and alerts

Check all settings every few months, and take a look at the sections on security and privacy. Check for changes that might have been made by malicious intruders or by the service provider during a policy update or adjustment.

Note that for certain services such as Google or Outlook, settings can be split between the email-centric options and the broader account options, so you might have to look in both places.

If you’re worried that someone has broken into your account, a good place to start is recent login activity. Keep an eye on the details of recent logins, and make sure none come from unexpected places.

Also check for automatic forwarding of emails to another account. If someone has accessed your settings, they might have set this up, so check for addresses you don’t know.

In some services such as Gmail, you can also grant full access to your account, including contacts as well as emails, to “delegate” accounts, websites or apps. This can be even more powerful than forwarding, and the list shouldn’t contain anything you don’t want or need.

Get to know the full range of options offered by your provider and think about how they might be misused. Watch for any unexpected changes.

5. Secure your content

One more thing to consider, especially relevant in the wake of the recent spate of celebrity photo theft: email accounts contain all kinds of information, buried in countless conversation threads.

Along with large amounts of free storage, they’re also a handy repository for things we don’t want to lose or forget.

Think about what goes into your emails. If you have something particularly sensitive that you wouldn’t want to divulge to the world, maybe emailing it (even just to yourself) isn’t the safest thing to do.

If you really need to send or store very sensitive items, encrypt them well.

Email, phone, and phone security images courtesy of Shutterstock.