For most of us, our email account is the hub of our online life. It’s an important communication tool, connecting us to family, friends, colleagues, and businesses. It serves as our identity when we’re logging in to other web accounts and apps, and helps us manage many tasks in our day-to-day life.
Given how important our email accounts are, it’s not surprising that they’re also a primary target for cybercriminals, who may try to gain access through phishing, social engineering, and exploiting password reuse.
Follow these steps now to avoid being an easy target and make your email account as secure as possible:
1. Create a strong password.
You’ve probably heard before that using a strong, different password for every single web login is crucial for your online security. With a strong, unique password for each account, a password leaked in one data breach can’t be used to break into your other accounts.
Strong passwords look like #IP9PqjS%17pEbUOkMVv and do not use words you would find in a dictionary or your personal information (like your birthday, anniversary date, or pets’ names).
If that looks too hard to remember, use a password manager like LastPass to create and store long, strong passwords for every online account, including your email account.
2. Add another authentication step.
Two-factor authentication (sometimes called multifactor authentication or two-step verification) is something we talk about a lot around here. When you turn on two-factor authentication for an account, a second piece of information must be entered before someone can gain access to that account, creating another layer of protection.
All three major webmail services – Gmail, Yahoo! Mail, and Microsoft Outlook.com – support two-factor authentication. Once enabled, you’ll be prompted for a code when you’re logging in from a new device or location.
Depending on the service you use and the option you select, the code may be generated by an app on your phone, sent by text message, or delivered by another method. That way, even if someone has your email account password, they still can’t log in without that extra code.
3. Review devices and permissions.
Every webmail service is different, but you should familiarize yourself with the privacy settings, app permissions, and security options that are available for your email account. On most providers, you can find an “account settings” page to review these details.
Take a look at your forwarding settings, and any email addresses that have been set as forwarding addresses. Review any computers, laptops, and mobile devices that have been set as “trusted devices” for your webmail account, or any services you’ve given permission to access your email account. If any are no longer used, revoke access to them from your settings.
If you find any suspicious-looking activity, change your password immediately and enable multifactor authentication to lock down your account. Then do a full scan of your machine with your antivirus and antimalware software.
Protecting your email account should be an ongoing priority. It’s important to check back regularly on your email account settings, and to keep an eye out for suspicious changes.
And of course, the standard security advice applies: Be watchful for phishing emails or other attempts to get you to reveal sensitive information. Avoid logging in over unsecured WiFi or via public computers whenever possible. If you must use a public computer or open WiFi, change the password(s) for your account(s) when you’re back on a trusted device or connection.