In the spirit of yesterday’s security-focused post, I wanted to share with you some tips on how to protect your email account from getting hacked. This list was originally put together by the folks at MakeTechEasier and was focused on Gmail, but many of the items are relevant to any web email client, and many other services besides. I’ve reworked the concepts for general use – if you want the just-for-Gmail step by step details, please visit the original post.
original photo by Don Hankins
1. Always check the URL before logging in
Fake login pages are a problem with any site that hosts sensitive information. Even Craigslist was having this problem just last month. Tread carefully before you log in.
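As an added illustration of what "check the URL" means in practice (example code written for this post, not from MakeTechEasier), the function below inspects only the address itself: it requires https, rejects a `user@host` prefix that pushes the real host past an `@`, rejects bare IP addresses and internationalised names, and compares host names label by label so that a trusted name appearing as a prefix of a longer host does not pass. The trusted-domain list and the `.test` host names are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Login hosts we consider legitimate (constructed list for this example).
TRUSTED_LOGIN_DOMAINS = {"accounts.google.com", "mail.example.com"}


def host_matches(hostname: str, trusted: str) -> bool:
    """True if hostname equals trusted or is a subdomain of it.
    Compared on whole labels, so 'accounts.google.com.other.test' does NOT match."""
    return hostname == trusted or hostname.endswith("." + trusted)


def check_login_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a URL shown in the address bar.
    Only the address is examined; a compromised legitimate site is out of scope."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, f"not https (scheme={parts.scheme or 'none'})"
    if parts.username is not None or parts.password is not None:
        # 'https://accounts.google.com@other.test/' shows the trusted name
        # before the '@', but the browser connects to what follows it.
        return False, "user info before '@' hides the real host"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host in URL"
    try:
        ipaddress.ip_address(host)
        return False, "bare IP address instead of a domain name"
    except ValueError:
        pass  # not an IP literal, which is what we want
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host name; letters may be look-alikes"
    for trusted in TRUSTED_LOGIN_DOMAINS:
        if host_matches(host, trusted):
            return True, f"host {host} is within trusted domain {trusted}"
    return False, f"host {host} is not a trusted login domain"


if __name__ == "__main__":
    # Constructed sample addresses, one genuine and several that merely look right.
    for sample in [
        "https://accounts.google.com/signin",
        "https://accounts.google.com.login-example.test/",
        "https://accounts.google.com@other.test/login",
        "http://accounts.google.com/",
        "https://192.0.2.10/login",
    ]:
        ok, reason = check_login_url(sample)
        print("OK  " if ok else "STOP", sample, "-", reason)
```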
2. Avoid checking emails at public places
This may seem a bit much in our mobile-focused world, but the point is mainly to avoid checking email (or any private account) from a public computer. You never know what sort of spyware has been installed on someone else’s machine.
3. Create a secondary email account
If you absolutely must log in to your email account on a machine other than your own, create a secondary email account (with different login credentials, of course) and forward a copy of all emails from your original account to the secondary one. This way, if you get hacked, your original account should remain uncompromised. Be sure to empty this account regularly – don’t use it as a backup for your sensitive messages. Also, don’t use it as your password recovery account…
4. If you are able, regularly check the IP of the last login
This is a nice Gmail feature, and some other webmail providers offer it as well. If you don’t recognize the IP address of the last login to your account – especially if it shows up often – you may have been hacked.
5. Check for bad filters
If your email service allows custom filters, there is always the possibility that one of them could be forwarding your messages to someone else. Regularly check your filters to see if there are any that you don’t recognize.
6. Don’t click on suspicious links
This one should be highlighted in bold, flash, and emit dangerous beeping noises. If you don’t know what it is – even if it is from a friend – don’t click on it. If it came from a friend, send them an email or call them to ask if it was really sent by them. This applies to email, Facebook, Twitter, a sticky note, or any other way a link might have been sent to you.
7. Choose a strong alphanumeric password (and add other characters too)
Some services don’t allow capitals or special characters in your password – avoid these services if you can. Using unusual characters is a great way to increase password strength. If you can get a password up to 16 characters, all the better. I know that these are a pain to remember, but you can always build your passwords around a memorable base to help with that, or use a tool like LastPass or KeePass to remember the password for you.
As a final note, remember what Evan suggested in yesterday’s post on Firesheep and Blacksheep: the only real way to be sure you are at least as safe as you can be when you log in is to use services that require https and/or to connect via a Virtual Private Network. The TOR network is a great service if you want a free VPN, and there is even a TOR toggle extension for Google Chrome called Proxy Switchy!.
How do you protect yourself when you log in to your email (or other) accounts?