Who’s Reading Your Email?

By now, you’ve probably heard the phrase, “Use strong passwords!” so much that you want to puke.

Like it or not, it’s great advice for keeping your private information private. But if you think that’s enough to keep people from reading your email, just ask Sarah Palin. The widely publicized hack of her email account in 2008 should be enough to convince you that maybe, just maybe, you’ll want to make sure you’ve done all you can to secure your email account.

Here are a few simple tips to help you protect your email account(s):

• Use multiple email accounts. For the typical end-user, email is both free and disposable. If you’re going to sign up for an online media site with the same email address and password you use to do your online banking, then it’s only a matter of time before you see unauthorized withdrawals from your checking account. At a minimum, I recommend using one email account for any financial/healthcare correspondence, and another email for everything else. If you’re only signing up for a site for a short period of time, then I recommend using a temporary email account that you’re going to walk away from as soon as you’re done visiting the site.

• Be smart when choosing your secret questions/answers. I like the idea of secret questions, but they’re pretty damn easy to get around when you’ve published all of the answers to your Facebook profile. Social media profiles are treasure trove of information for attackers. Make sure to use obscure question/answer sets, and that you avoid using answering the same secret questions on every site. If you think like an attacker, you’ll have a pretty good idea of how to choose the questions that are going to stump them.

• Use two-factor authentication. Simply put, two-factor authentication requires that users provide a password (first factor) and something else (second factor) to prove that they are who they say they are. In most cases, that second factor will be a code sent to your mobile device (something you have in your possession) each time you login. A lot of online service providers offer simple two-factor authentication options today, including Google, Yahoo!, and Facebook. If you want step-by-step instructions on how to enable two-factor authentication, give this Lifehacker article a read.

• Configure encrypted email on your mobile devices. If you browse to Gmail from your laptop, Google is automatically going to flip to an SSL-encrypted connection to keep your data safe. But if you’ve got your Gmail account on your smartphone configured to connect over HTTP instead of HTTPS, then email traffic from your smartphone is at risk each time you check your messages while connected to a public wi-fi network. For iPhone users, you can change this setting by going to Settings > Mail, Contacts, and Calendars > choose the email account you want to update  > Account >  Advanced >  Use SSL, and flip this to the ON position. For Android, BlackBerry, and Windows Phone users, I’m afraid you’re going to have to Google for device-specific instructions.