It was recently reported that over 1 million Google and Yahoo accounts were being sold on the black market online. Usernames, email addresses, and passwords stored in plain text were all on offer. This hoard of compromised user accounts and credentials is thought to have been harvested from a collection of breaches dating back as far as 2012.
In the fast-paced world of cybercrime, it may be surprising to some that hackers would be selling email account credentials that are several years old. But much of that information may still be valid because it’s likely that the victims do not practice proper email and password security hygiene.
Email accounts are among our most important digital assets – both personally and professionally – so protecting them with a secure password is critical. Hackers who gain access to your email via a weak or reused password can learn of other accounts you have online, and then use your email account against you to reset nearly any online account that you have.
While the prospect of a hacker gaining access to your email is frightening, the good news is that there are several steps you can personally take to make your email more secure:
Change your password every quarter:
Unique and complex passwords are the first line of defense for email accounts, but even the best passwords have a shelf life. Changing your passwords every quarter is an easy, proactive measure you can take to protect your account, especially since breaches are typically disclosed months or years after the credentials are stolen and sold. In a worst-case scenario, adopting this practice will limit the amount of time cybercriminals have access to your hacked account. The fastest way to refresh all your passwords securely is to use a password manager. LastPass users can use the Auto-Password Change feature to change account passwords in a single click.
Enable two-factor authentication (2FA):
Two-factor authentication is one of the most effective and simple methods to protect your email accounts beyond a strong password. In addition to entering a password, 2FA users must provide a second piece of information to gain access to their accounts, such as a one-time code sent via text or app on their mobile device, or even a fingerprint. Regardless of the form your two-factor authentication takes, it ensures that hackers cannot break into your email, even if they have your password. If your email account does not offer native 2FA, you can set up two-factor authentication to protect your email through your LastPass account.
Take responsibility for your work email:
A recent study by BitSight found that in the last 15 months, at least one out of every 20 Fortune 1000 companies had experienced a publicly disclosed breach. And despite these breaches, Fortune 1000 companies’ security performance has recently declined overall: 52 companies made an effort to improve their security, while 103 companies experienced rating drops from October 2016 to January 2017.
This cautionary tale goes to show that even the largest and most profitable companies, with substantial resources and the experience of very knowledgeable leaders, can struggle with security. As such, employees are the first line of defense for their own email, and should take precautionary steps to bolster their account security whenever possible.
Unfortunately, this is still a pain point for businesses. Our recent research into the psychology of passwords revealed that more than a third (39%) of people create more secure passwords for personal accounts than for work accounts. Additionally, we found that 75% of respondents considered themselves informed on password best practices, yet 61% admitted to using the same or similar password across accounts. Ensuring employees are armed with the knowledge to do their part in keeping the company safe from cyberattacks is a vital part of any comprehensive security solution.
The email accounts you use are a treasure trove to hackers who are looking for financial gain, which makes the security of those accounts paramount. Ensure the security of your email services by following the three steps outlined above, and use a password manager to make routine security maintenance a breeze.