Email accounts contain sensitive personal and sometimes professional information. Having your email account compromised can lead to identity theft, financial loss, or reputational damage. Fortunately, there are steps you can take to secure your email and reduce the chances of unauthorized access.
Table of Contents
- Use Strong and Unique Passwords
- Enable Two-Factor Authentication
- Be Wary of Suspicious Links and Attachments
- Keep Software Up-to-Date
- Use VPN and Public WiFi with Caution
- Turn On Login Notifications
- Avoid Public Computers for Email
- Use Caution When Granting Account Access
- Set Up Account Recovery Options
- Use Unique Email Aliases
- Check Recent Devices Frequently
- Be Selective When Sharing Email Address
Use Strong and Unique Passwords
The first line of defense for your email account is a strong, unique password. Here are some tips for creating secure passwords:
- Use at least 12 characters, combining upper and lowercase letters, numbers, and symbols
- Avoid common words, phrases, or patterns
- Do not use the same password across multiple accounts
- Consider using a password manager to generate and store unique passwords
Having distinct passwords for each of your email accounts protects you in case one account is compromised.
Enable Two-Factor Authentication
Two-factor authentication (2FA) provides an extra layer of security by requiring two forms of identity verification when logging in. The most common methods are:
- SMS code – A code is sent via text to your phone when logging in
- Authenticator app – Generates time-sensitive login codes
- Security key – Physical device that connects to your computer to verify logins
With 2FA enabled, a hacker needs more than just your password to access your account.
Be Wary of Suspicious Links and Attachments
Cybercriminals frequently use phishing emails containing malicious links or attachments to steal login credentials or install malware.
Be cautious about clicking links and opening attachments, especially from senders you do not know. Verify the sender’s email address, watch for misspellings, and check for signs of spoofing.
Keep Software Up-to-Date
Outdated software and operating systems frequently have vulnerabilities that hackers can exploit to access devices and accounts.
Regularly update:
- Your operating system
- Web browsers
- Email clients and apps
- Antivirus and malware software
Updating stops hackers from gaining access through known security holes.
Use VPN and Public WiFi with Caution
Connecting to public WiFi or browsing on an unsecured network makes it easier for hackers to steal your data.
When using public WiFi:
- Verify the network is legitimate
- Use a VPN to encrypt your connection
- Avoid accessing sensitive accounts
Being on public WiFi also means you could unknowingly connect to a hacker’s network.
Turn On Login Notifications
Many email providers have login notification options:
- Alerts you of logins from unrecognized devices
- Provides details like location and IP address
- Acts as an early warning for suspicious activity
Getting notifications when an unrecognized login occurs lets you take swift action to secure your account.
Avoid Public Computers for Email
It is best not to access your email on public devices like library or hotel business center computers. These devices may have:
- Keylogging or screen recording malware
- Unsecured internet connections
- Saved passwords or account information
If you must use a public computer, log out and clear history when finished.
Use Caution When Granting Account Access
Some email interfaces allow you to grant account access to third-party apps or external mailing services.
Before connecting another app or service:
- Verify it is from a trusted, secure source
- Check what permissions you are granting
- Revoke access if unused or unnecessary
Giving wide account access increases points of entry for hackers.
Set Up Account Recovery Options
In case your account is compromised, having recovery options set up allows you to regain access:
- Provide backup email addresses and phone numbers
- Save device login details
- Set backup security questions
- Enable two-factor authentication
With backup verification methods, you can recover your account even if your password is changed.
Use Unique Email Aliases
Creating unique aliases gives you a distinct email address for each service or website you use:
- Prevents services from sharing your real email address
- Identifies source of spam messages or data breaches
- Can be deleted if too much unwanted email received
If an alias gets too much spam or is involved in a breach, you can remove it without affecting your actual email address.
Check Recent Devices Frequently
It is good practice to periodically check devices recently used to access your email account.
Steps for reviewing devices:
- Go to account security settings
- Locate “Recent devices”
- Check details like device type, IP address, location
- Remove any unknown or suspicious devices
Frequently checking for unfamiliar logged-in devices allows you to catch unauthorized access early.
Be Selective When Sharing Email Address
Be thoughtful about providing your email address online or to businesses.
Tips for protecting email address:
- Avoid including on public profiles
- Uncheck pre-checked marketing opt-ins
- Use alias when possible
- Unsubscribe from unnecessary emails
The less your email is available publicly, the fewer potential entry points for spammers or hackers.
