How secure is your email account? If you don't know, you should take some important steps toward email security.
Despite the rise of social networks and Twitter, email is still the way many of us communicate, according to Mike Rothman, analyst and president of Phoenix-based security research firm Securosis.
The problem is that email is also the communication channel that's most often left unprotected and, as such, vulnerable to attack.
If your email account isn't secure, you may be putting your private data at risk, including your address, credit card numbers, copies of bank statements and passwords to online accounts such as Amazon or PayPal.
If a bad guy takes over your email account, and you're one of the millions of people who use the same password for multiple accounts, then he can reset the passwords of those accounts too.
In addition, he can harvest the email addresses of your friends, spam them and hit them with phishing attacks to get their personal information as well, Rothman said.
Here are some tips Rothman offers for minimizing email risks:
Don't use email to send critical data. If you do, delete your copy of the sent email immediately.
Connect to your email account using encrypted connections. That means using SSL (look for the lock in your browser) for webmail such as Yahoo! Mail or Gmail, and a secure protocol (usually IMAP or POP3 over SSL) for other accounts. Do that on your portable devices as well as on your PCs or Macs.
Use very strong passwords for your email accounts. "Mine is 25 digits long, and includes numbers, letters, and special characters; I keep track of it with a password manager," Rothman said.
"I know it's difficult for some folks, so use a passphrase like old addresses. Some people use a combination of their kids' names and birthdays," he added. "[Make it] something that you're going to remember but long enough that you're not to be subjected to a brute-force attack (where hackers try every possible code, combination, or password until they find the right one)."
Rothman suggested using a passphrase of 15 or more characters. As an example, combine the street number of your first house with the name of your elementary school, then add a special character, your anniversary date, another special character and finally, the name of your dog.
Use two-factor authentication on Gmail. Google has introduced a new two-step authentication feature for Gmail users to increase the security of its free mail service. The system lets users set up a method for obtaining a secret code that will be required, along with a password, to access a Gmail account.
"So if you use Gmail, signing up for the two-factor authentication is a good thing to do," Rothman said.
Use strong password retrieval (security) questions. These questions are used in case you need to do a password reset for your email.
"I use things that no one else would know, like the name of my sixth-grade teacher or my favorite physics professor," Rothman said.
There's no point in using the security question "What is your favorite movie?" and then posting a review of that movie on Facebook titled "A review of my favorite movie." Whether you realize it or not, thanks to social media, a lot of your personal information is available via the Internet. So avoid security questions whose answers anyone can easily find online.
Set up SMS alerts. Go to your email account settings and determine whether you can add your mobile number to receive SMS, or text-message, alerts. Some email services such as Gmail and Yahoo! Mail will send you, and no one else, the password reset code whenever somebody tries to reset your password.
Learn how to regain control of your email account if it gets hijacked. Plan ahead and determine which steps you have to take, which telephone number you have to call, and what kind of information you need to give the customer-service agents, Rothman said.
"Having that information is a critical thing when you're rushing against the clock to contact somebody," he said.
Have a second email address to receive password reset information. You don't want that information to go to your primary email address if it's been compromised and you no longer have access to it. Webmail addresses are free; set up two and use them as each other's backups.