Sluts for Security: Protect your Email from Scammers & Phishers!

Email is the crown jewel of your digital life. Of all the accounts and services that hackers want to get their hands on, access to someone's email gets them the most bang for their buck. Think about it – all your accounts like social media, banks, iCloud/Google and even Tryst – all require an email address for access. Get into someone's email, and you get access to their entire online presence.

The gross feeling of knowing someone is poking around your inbox is bad enough, but once they get access, they can use the reset password function on a website or app to have a new password sent to the email address on record for that account. Locking you out in the process.

This kind of skullduggery won't work if you have two-step login (aka two-factor authentication) enabled on those accounts. But not all accounts support it. Some services even let you disable two-step login if you can provide them with enough information. So even with two-step login enabled on the majority of your accounts, you really want to make sure your email account is secure too.

I feel like a broken record having said this in almost all my posts on this blog, but there's two super important things you can do to avoid your email inbox getting compromised by all but the most determined of attackers - strong, unique passwords and two-step authentication.

Of all the accounts to practice good password hygiene with, your email should be at the top of the list. There's just so much valuable data in there for hackers. Microsoft has a handy guide on how to create and use strong passwords, but ideally you should also be using a password manager that can create unique passwords for every service and store them for you. 1Password is a good place to start if you don't already have a password manager set up.

There's a whole article on this blog about the wonders of multi-factor authentication that you should read. If you are already educated on multi-factor authentication and just want to turn it on for your email, here are instructions for setting it up on popular email services:

• Google/Gmail
• Apple iCloud
• Microsoft 365/Outlook/Hotmail
• Yahoo!
• Fastmail
• Protonmail

With a strong, unique password and multi-factor authentication enabled for your email account, you've got a good foundation to avoid your account being compromised. You will still need to be vigilant against phishing attacks and scammers pretending to be your email provider. We have a whole article about how to avoid getting phished that'll go a long way to helping you keep your email safe.

A recent feature of some email platforms are one time email addresses generated at random and designed for use only on one website. Apple calls it "Hide My Email" and Fastmail calls it "Masked Emails". They generate gibberish email addresses like skies_desks.0t@icloud.com and link it to your real email address so the service you're signing up for never sees your real address. Any emails sent to the randomly generated address are forwarded to your real one.

The main purpose for these random email generators is to try and tackle spam and other nefarious marketing techniques used by apps and websites, but they also play a role in keeping your email inbox safe. By using a unique address for each service, it’s difficult for a hacker to compile information that may be used to phish you or to guess your password, particularly if you've used the same password in multiple places.

If you're interested in using this sort of thing and your email provider doesn't support it, there are third party services that can generate random emails for you:

• SimpleLogin
• Firefox Relay
• DuckDuckGo Email Protection

It's also worth considering detangling your email from "Big Tech" companies like Microsoft, Apple and Google. It's not rare to hear stories of people who have had their accounts blocked by Google for various reasons (vague suspect activity/policy violations), which also happens to lock them out of their Gmail. By using a different, privacy focused email service, like Fastmail or Protonmail, even if you are kicked out of Google for whatever reason, it'll hurt less. Let’s not put all your digital eggs in the one digital basket.

Got a tech question for Ada? She wants to hear from you!

Ada answers all your questions about tech, the online world, and staying safe in it. No question is too silly, no hypothetical is too far-fetched! Learn to leverage devices, systems, and platforms to your benefit.