Choosing a strong password to protect your online accounts is a rule that should never be broken. For some services, a cracked password doesn’t matter that much, but with social networking, online banking and similar services, you definitely don’t want to lose the account.
But there is one service where a break-in could have downright serious consequences: our email account.
Our email inbox contains not only our online correspondence (which, after all, can be found to a greater extent on social networks) but also sensitive data, which we definitely do not want to lose. It is absolutely essential to protect your email inbox because it is an account that can be used to log in to a number of other services.
The “Forgot your password?” function resets passwords
Almost every website that you can register and log in to includes a Forgot Password (or something similarly named) service. This feature makes it possible to get into your account if you forget or otherwise lose your password.
In practice, if we forget our password, we click on this text to request a new password. The new password or a link to set a new password will typically arrive in our e-mail.
This feature definitely comes in handy when we don’t know or forget our password for some reason. But it also potentially creates a security weakness, because the email inbox becomes a very tempting target: by breaking into it, an attacker can take control of almost any of our other accounts without us being able to do anything about it.
So losing an email inbox is really losing almost everything. An attacker can find the services we’ve signed up for and easily access them with a few clicks.
Email security principles
It is the security of the email inbox that we should take care of most of all. So how do we secure our inbox? We’ll take a look at a few basic tips:
A password that is incredibly difficult for attackers to crack, but easy to remember, is simply essential. In short:
- Passwords must not be very short – the recommendation is a bare minimum of 12 characters, and the more the better
- Passwords must not contain discoverable information – details such as your date of birth, anniversary or your nickname, for example, should not be part of the password, let alone the password in its entirety. These details can be found out, which attackers obviously do.
- The password should not be a single word – using one or two long words in a row may satisfy the character-count condition, but attackers also try so-called dictionary attacks, where they try words and combinations of words as the password
In practice, experts recommend using multiple unrelated words as passwords, where some of the words are in a foreign language or are not words at all, but are simply something that you and only you know. You can then insert special characters directly into the words (i.e. not between the words) or replace the letter o with the number 0, for example.
In this way you can easily come up with a long password that is not difficult to remember, but very difficult, or rather almost impossible, for attackers to figure out.
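The three rules in the list above can be checked mechanically before a password is accepted. The following Python code is an added example, not part of the original article; the sample word list, the look-alike table and all function names are constructed for illustration, and a real check would load a large dictionary.

```python
import re

MIN_LENGTH = 12  # the page's bare minimum
# Constructed sample word list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "sunshine", "football", "dragon", "welcome",
                "butterfly", "strawberry", "computer"}
# Look-alike substitutions undone before comparing (0 for o, and so on).
LOOKALIKES = str.maketrans("01345@$", "oieasas")

def letter_forms(password):
    """Letters-only forms of the password, with and without look-alikes undone."""
    # Digits and punctuation padded onto either end are dropped first.
    core = password.lower().strip("0123456789!?.")
    return {re.sub(r"[^a-z]", "", form)
            for form in (core, core.translate(LOOKALIKES))}

def is_one_or_two_words(password, words=SAMPLE_WORDS):
    """True if the password is a single dictionary word or two in a row."""
    for flat in letter_forms(password):
        if flat in words:
            return True
        if any(flat[:i] in words and flat[i:] in words
               for i in range(1, len(flat))):
            return True
    return False

def contains_personal_detail(password, details):
    """True if a name (3+ letters) or digit run (4+ digits) from details appears."""
    digits = re.sub(r"\D", "", password)
    forms = letter_forms(password)
    for value in details:
        names = re.findall(r"[a-z]{3,}", value.lower())
        if any(name in form for name in names for form in forms):
            return True
        runs = re.findall(r"\d{4,}", value) + [re.sub(r"\D", "", value)]
        if any(len(run) >= 4 and run in digits for run in runs):
            return True
    return False

def check_password(password, details=()):
    """Return the rules from the list above that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if contains_personal_detail(password, details):
        problems.append("contains discoverable personal information")
    if is_one_or_two_words(password):
        problems.append("one or two dictionary words")
    return problems
```

An empty list means none of the three rules was broken; it does not by itself prove the password is strong, since the result depends on how complete the dictionary and the supplied personal details are.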
If possible, you should log in to your email not only with a combination of name and password, but also with additional authentication. We wrote more about two-factor authentication here.
In practice, additional approval is then needed to log in, such as verifying biometrics on your mobile or entering a time-limited PIN. This second layer of authentication tends to be very easy for genuine account holders to pass, but for attackers it is an additional hurdle to contend with. So, if your email provider allows this, definitely enable two-factor authentication.
Don’t trust anyone
You simply shouldn’t tell anyone your passwords, even in a relationship. Even if the other person means well, you never know how much they care about securing their devices. This is simply another avenue by which attackers can find out your password. The email inbox is yours and yours alone, and no one but you should have access to it.
Keep your operating system and other software up to date
Updates to operating systems or security programs should not be installed just to get new features, but because these updates can fix security vulnerabilities. We should always keep both the system and software up to date so that security is increased and we are not exposed to vulnerabilities known to hackers.