Lock down your webmail accounts

Everyone has a webmail account, either through their ISP (iiNet, Telstra, Westnet, etc.) or through a mail provider (Gmail, Yahoo! Mail, Outlook.com), and not everyone is as secure as they should be.

In 2014 the biggest senders of email (other than spam) were businesses, sending over 108.7 billion emails per day. It has been estimated that by 2018 that number will grow to over 139.4 billion per day.

Every year over 1.2 billion email accounts are ‘stolen’, or someone has gained access to them. This lets the intruder access everything that is attached to that account, including Facebook, YouTube, eBay, PayPal and even your personal online banking. It can even expose your business email accounts, not to mention massive amounts of personal data that certain people can use to harass and destroy people’s lives.

Webmail is a huge target for cyber crooks because of the large amount of information they can steal in one go. So here are a few things you can do to keep those unwanted guests out of your account.

1. A secure password

This is a major one, as people think using a series of capital letters with numbers and special characters is going to help them. Sadly, that will not do much. For example, let’s look at the following 2 passwords:

  1. !MyD0g$
  2. ThisIsMyLongPassword

The top one looks hard to remember and is the normal length for most passwords people use. Sadly it is not good enough, as it will take a standard desktop computer around an hour to crack that password. A computer dedicated to cracking passwords could do this in a few seconds. The second password will take 165 quadrillion years to crack with a standard desktop. Even a server built for the purpose of cracking passwords would probably still take far too long to crack it.

Now don’t go using the above password: without special characters and numbers it is still not a very secure password, but it shows that length beats complexity.

So how do you pick the perfect password? Rather than rewrite a poor copy, I will simply send you over to Naked Security’s How to choose a strong password post.
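The arithmetic behind that comparison, as an added example rather than code from the original article. It assumes an attacker testing 4 billion candidates per second (an illustrative rate, so the times will not match the figures above exactly) and counts the full alphabet of every character class a password uses.

```python
import string

# Assumption for illustration: attacker tries 4 billion candidates per second.
GUESSES_PER_SECOND = 4_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes an exhaustive search must cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def pool_size(password):
    """Alphabet size implied by the character classes present."""
    return sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))


def keyspace(password):
    """Number of candidates of this exact length over that alphabet."""
    return pool_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case exhaustive search time. This is an upper bound only:
    it ignores dictionary and word-list guessing, which is why a phrase
    of plain words is weaker than its length alone suggests."""
    return keyspace(password) / rate


def describe(password):
    """One-line summary: length, alphabet size and time to exhaust."""
    secs = seconds_to_exhaust(password)
    if secs < SECONDS_PER_YEAR:
        span = f"{secs / 3600:.1f} hours"
    else:
        span = f"{secs / SECONDS_PER_YEAR:.3g} years"
    return (f"{password!r}: {len(password)} chars, "
            f"pool {pool_size(password)}, {span}")


if __name__ == "__main__":
    # The two passwords compared in the article.
    for pw in ("!MyD0g$", "ThisIsMyLongPassword"):
        print(describe(pw))
```

Thirteen extra characters outweigh the larger alphabet by about twenty orders of magnitude, which is the whole argument for length.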

2. Set up Two-Factor Authentication

Most mail providers offer two-factor authentication for logging in to your email account. This is basically a second step after your password to authenticate who you are, and is generally something that is near impossible for someone other than you to do. This can range from something small like a few security questions (generally not that secure, as these are not dynamic) to a text message to your personal phone (the number is always the one on the account, so it cannot be changed without access), and sometimes it can be a physical authenticator that randomly generates 6-digit passwords for your account.

These features allow you to secure any account as the cyber crook will not have access to your phone or any other physical device and they would be unable to pass the second level of authentication.

Most email providers, like Gmail, Yahoo! Mail and Outlook.com (formerly Hotmail), allow their users to set up these two-factor authentication settings.

3. Secure your devices

Another thing you will want to do to make sure people cannot access your emails is to secure all your devices. Use passwords on your laptop computer, desktop computer, mobile phones and tablets. Using a password will stop anyone who gains physical access to your devices from gaining access to your emails without that password.

iPhones, iPads, Android phones and various tablets all support user passwords that must be entered whenever the user attempts to use the device. Laptops and the like are a bit different and need the setting to be enabled before this will happen.

Avoid using publicly shared computers to access any of your personal accounts. These machines may be infected by any number of viruses/malware programs that monitor what is done on each computer. It is just safer this way.

Also remember to keep all your devices up to date. Outdated operating systems help cyber crooks infect computers and Microsoft/Apple work very hard to keep these bugs patched.

4. Check your settings and alerts

Check through all your webmail settings and alerts every few months. A large number of webmail providers allow emails to be forwarded to additional addresses, so if someone has gained access to your emails they can start receiving every email you get. They may also set up what is called a secondary address, which can be used to reset the password or regain access to the mail account.

Most big mail providers also allow you to view where you have logged in from. This is a great place to look for people who may have gained access to your mail account. If you see that someone from Singapore or China has logged into your account and you are from Perth or Sydney, then you know someone has gained access to the account, and you can begin changing your passwords and checking all your settings.

In Short…

To keep your webmail accounts safe you should keep an eye on who has access to your accounts and make sure you follow the instructions above.

  1. Use a strong, safe password that is unique
  2. Enable Two-Factor Authentication to keep your account as safe as possible
  3. Keep your devices safe and secure
  4. Keep an eye on who accesses your account and the account’s settings

This will help keep your account safe, secure and keep you worry free.