Technology: It's not personal

Protecting your email account against hackers - how and why?

By HAREL FELDMAN
Identity theives (photo credit: MCT)
Identity theives
(photo credit: MCT)
‘Sure! Just email me the details.’ How many times in an average week do you find yourself saying those words? Email is one of the top ways we socialize today. We send people funny images of cats, write about our lives and send important business correspondence on a daily basis. Even more than just a tool for communication, email is a necessity of life when it comes to keeping in touch with the world.
Although we use web services such as email on a daily basis, when people hear about “hacking” stories in the news, it often seems distant and irrelevant to us.
Hacking is something that involves the manipulations of geometric shapes or 3-D talking heads telling the hero or villain company secrets, if Hollywood is to be believed. But in this day and age it has a particular relevance to us all. When asked if they are worried about being hacked, most people say things like “I have nothing to hide” or “why would anyone hack my account?” You might be surprised to know that email hacking today isn’t something personal.
The chances that you know the person trying to break in are close to none.
They don’t care about what you are up to, how your grandmother is feeling or the latest updates from your job. They are looking for ways to make easy money.
They do this by sending emails to people they can identify from your address book and trying to con them out of money in your name. By pretending to be you and having all your past emails to root though, they can do an effective job at conning people you care about out of money. Even worse, you would be hard-pressed to contact all of them without your trusty email and address book by your side.
Not only is email indispensable to your social and business life, but most online services require an email address and then use that email address as a source for password resets. This can be a problem if you lose access to your email account or it gets compromised, because the person who has control of your account can easily gain access to any service you have signed up for with your email address, which could include sensitive financial sites.
So what can you do to avoid that fate? The first step is the easiest:
Don’t give your password to anyone.
This might seem like a no-brainer, but surprisingly it isn’t. A survey carried out for the Infosecurity Europe trade show proved that more than 70 percent of people asked would trade their passwords for a bar of chocolate. Not only that, but 34% didn’t even need to be bribed with chocolate to rattle off the keys to their digital lives.
But your email isn’t just at risk from strangers offering candy. Sometimes a scammer will send you an email purporting to be Facebook or Gmail or some other service and ask you to confirm your password or else they will close your account, or some other threat. In my entire career, I’ve never gotten an email asking for my password that has actually been from the service it said it was from. If you aren’t sure, ask someone who you know has a strong technology background to verify the email for you before you send them any of your details.
Another place that you shouldn’t use your email passwords is on sites like Facebook that want to log into your email to connect you with more friends. Giving a third party direct access to your email means that they keep the password on file and if they suffer a data breach, your email details will be in the hands of people you really don’t want to have it.
Make a password that is hard to guess.
The most common password is “12345.”
You would be surprised at how little work identity thieves have to do to guess their way into accounts protected by weak passwords.
The best way to protect your account is to make a password that is hard to guess. Since it isn’t easy to remember passwords like “BHt6fbnO,” it is recommended to use sentences instead. “ILove- ToRowBoatsOnTuesday” is a much better choice than “1234” or “ponies,” while still being memorable. Another way to make passwords more secure is to use a password manager like www.passpack.com, which can manage your passwords for you.
Don’t use the same password for more than one service.
More important than any other service on the Internet is your email. Most email providers have pretty decent security when it comes to preventing break-ins.
The same can’t be said for many of the other services you sign up for online. In an effort to remember all your passwords, I’m sure you have re-used a password or two for all of your services. Most people do.
The problem with this is that if a single service gets compromised, identity thieves try to use those passwords on the email addresses used to sign up for the service.
They succeed in logging into the email far too frequently for comfort.
Use dual authentication.
Gmail is the most popular email service, with approximately 350 million active accounts. It has a great feature for preventing someone from breaking into your account, called “dual authentication.” In addition to using your username and password to log in, it also sends an SMS to your phone with a code to type in. Since an identity thief might have all your details but still not possess your phone, he or she won’t be able to get in. You’ll find it surprisingly easy to use and not much of a nuisance at all.
You can get more information about dual authentication at http://goo.gl/ngP72.