Banks, insurance agencies, credit cards, Amazon, and even companies like Netflix: what do they all have in common? They all ask you for your email address when you sign up. And if you’re like most of us, you use the same email account for all of them. From a usability standpoint that’s normal; from a security standpoint, however, problems can arise because all of your security is now wrapped around that one email account, i.e. all of your eggs are in one basket. All someone needs to do is hack your email account, and then they have access to all of these accounts through the “I forgot my password” feature available on most sites. So with that in mind, and in light of the recent Gmail account hacks, let’s take a look at how we can secure those Gmail and other email accounts.
Most people use one of the three big free email services: Gmail, Yahoo!, and Hotmail (aka Live Mail). Unfortunately, online thieves know this, so those three providers are also the most targeted for things like hacking, phishing, and scamming. When someone takes control of one or more of your online accounts without your permission and then uses them for monetary gain, it’s known as identity theft.
In 2009, it was reported that over 11 million adults in the United States fell victim to a form of identity fraud that affected them financially, and that number is steadily rising by an average of 10% per year. According to the same report on identity theft statistics from Javelin S&R, 13% (1,430,000) of identity fraud cases were initiated by someone who personally knew the victim. But, more notably, “New online accounts opened fraudulently more than doubled over the previous year, and the number of new e-mail payment accounts increased 12 percent.” Truly, identity theft is one of the fastest growing crimes in the world, and even more so on the digital front.
So, the threat is definitely out there, but how do you protect your email (and all of the online accounts attached to your email) from thieves who would readily compromise it? Unfortunately, there is no simple, fix-all method. Security is all about layers, so here are some suggestions to keep your information safe. Since Gmail is the most popular, offers the most security features, and was recently targeted in an international attack, let’s talk about it specifically.
How to secure your Gmail account.
1. Use a secure password.
I can’t stress this enough. When Gawker Media was hacked 6 months ago, the most commonly used passwords were posted. Guess what they were? The number one most used password was “123456”. And the runner-up, the 2nd most used password, was the word “password”. Using a password like this is similar to living in downtown Los Angeles and leaving a key to your front door right underneath the welcome mat outside; yeah, not a good idea…
A few weeks back, Jack wrote a great article on how to create a secure password that is easy to remember and unique to every online service you use. It’s definitely worth a read if you missed it.
2. Always check the URL in your address bar
Phishing attacks happen when a thief creates a fake sign-in page that looks exactly like a legitimate one. Never sign in to prompts that are sent to you via email, and always check the address to make sure the site you are signing in to is an actual Google domain (website) and not a malicious copycat.
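As an added example (not part of the original article), here is the address check from this tip written as code: the link is parsed and its host name compared exactly against a short list of Google sign-in hosts. The list, the function names and the sample links are assumptions constructed for this illustration.

```javascript
// Added example: decide whether a sign-in link really points at Google.
// ALLOWED_SIGNIN_HOSTS is an assumption chosen for this illustration.
const ALLOWED_SIGNIN_HOSTS = new Set(["accounts.google.com", "mail.google.com"]);

function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lowercases the host, punycodes IDNs
  } catch {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://accounts.google.com@other.example/" is a page on other.example:
  // everything before the "@" is only a user name.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before '@' disguises the real host" };
  }
  const host = url.hostname;
  // A look-alike letter from another alphabet shows up as an "xn--" label.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (non-ASCII) host name" };
  }
  // Exact match only: "contains google.com" or "starts with" is not enough.
  if (!ALLOWED_SIGNIN_HOSTS.has(host)) {
    return { ok: false, reason: "host " + host + " is not on the allowlist" };
  }
  return { ok: true, reason: "host is " + host };
}

// Constructed sample links (the .example hosts are placeholders).
const SAMPLES = [
  "https://ACCOUNTS.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com@signin.example/ServiceLogin",
  "https://accounts.google.com.signin.example/ServiceLogin",
  "https://accounts-google.example/ServiceLogin",
  "https://accounts.g\u043e\u043egle.com/ServiceLogin", // Cyrillic "о"
];

function auditSamples() {
  return SAMPLES.map((link) => ({ link, ...checkSignInUrl(link) }));
}

for (const r of auditSamples()) {
  console.log((r.ok ? "OK     " : "REJECT ") + r.link + "  (" + r.reason + ")");
}
```

Only the first sample passes; the others fail for the reasons a reader checking the address bar by eye is most likely to miss.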
3. Regularly check your Gmail account for suspicious activity
About 13 months ago Google added suspicious activity alerts to Gmail accounts. You can check recent activity on your account whenever you like. The activity page will list your 10 most recent logins, and if you see some locations that don’t match up with where you’ve been, then you know that someone already has access to your account. Read more about activity alerts here.
4. Enable 2-step verification
Requiring an additional step after entering your password makes your Gmail account tremendously more secure. With 2-step verification, a randomly generated code is texted to your phone whenever you log in to Gmail in an internet browser using the correct password. This randomly generated code must then be entered into the browser window in order to complete the login and access your account. Once you have this set up, it is nearly impossible to hack your account, unless of course someone steals your phone.
5. Use application specific passwords
Application specific passwords are a bonus side effect of using the 2-step verification shown above. With these, you get to create independent passwords for the web, mobile, and desktop applications that request access to your Google Account. Since nobody has your real password, nobody gets any real access. And even if there is an issue, you can simply revoke the password.
6. Watch for suspicious forwarding addresses
In a recent blog post, Google confirmed that the accounts of hundreds of Chinese, South Korean, and senior U.S. Government officials were compromised and set to forward email contents to data-collection addresses. You can check whether your account has any forwarding set up on the Gmail Settings > Forwarding and POP/IMAP page.
7. Keep your computer secure
Even if you’ve followed all of the above steps, you are still putting your online accounts at risk if the computer you use to log into them is compromised. Mrgroove wrote an ultimate security guide that covers all of the basics for keeping your computer free of viruses and other nasty bugs. None of it is too complicated, so read up and become an informed technology user!