Should I change my email account password?
avoid email hackers, change your password, set up multi-factor authentication
Last night I was playing around on Facebook. I was taking quizzes to see if I was a vampire or a werewolf, which evil Disney queen I was most like, and which character I would be in Game of Thrones. It turned out I was Maleficent, a werewolf, and Tywin Lannister. Uncertain I was satisfied with these labels, I decided to go to bed and sleep on them. However, right before I logged out, my friend Ben, a renowned IT wizard and consultant, posted a warning:
“Getting access to your email is basically getting every account you've created with that address. Protect your email, enable multi factor authentication. Hackers are trading millions of Gmail, Hotmail, Yahoo logins; Change your password right now. Like NOW! by Nathan Ingraham.”
Initially, I shrugged off the warning and went to bed. I couldn’t sleep because I could not recall the last time I’d changed my password. I had everything in my email account from passwords to various bank accounts and my stock accounts. There were years of correspondence history, including the most confidential communications with dozens of clients, friends and family members. Unable to sleep, I popped out of bed and straightway changed my email account password and set up what Ben had called “multi factor authentication.” I also double-checked to make sure my mobile number, security questions, and recovery email address were accurate. I even logged into my recovery email address to make sure everything was in order there. I changed the password in this recovery account as well.
The threat is real. There are bad people out there who steal your email passwords. They will use any and all information they can against you for their gain. I won’t go into the details of the recent theft of over 273 million accounts because you can read about it via the citation I provided above. This is only one of the large-scale password hackings/hijackings that have occurred in recent years. www.informationisbeautiful.net provides a very impressive interactive chart detailing the World's Biggest Data Breaches; Selected losses greater than 30,000 records. In short, this article makes clear that since 2004 a lot of information has been stolen from many of the largest companies and government entities. The United States' most protected military databases are included.
Change your passwords frequently, and this is only step one. If your passwords are stolen, you can lose money, suffer damage to your reputation, and have your identity stolen. For instance, consider your online access to your bank account. Can a hacker or Internet thief get into your bank account and take your money just by having access to your primary email account? Yes.
The easiest sample case involves your having emailed yourself all of your bank access information. You wanted to have it available in a safe place should you forget your bank admin name or account password. Here the online criminal only has to search your email and find the one you may have titled in the subject line “my bank account admin name and password.” I have heard of cases where smart people do things like save all of their admin names, security questions and answers, as well as their passwords in a well-organized spreadsheet and then email it to themselves.
The next easiest case to hack can be something like a utilities account, though, granted, this isn’t the case for online banking any longer. For a specific example, I just logged into my account with my Internet service provider. My admin name was the same, character for character, as my primary email address. When I looked in my email account, I did a search and easily found my password to this utility account. It got worse as I went on to audit nearly every online account I had. Pretty much it was true. If a hacker got ahold of my email address and password, he’d have access to my entire life; everything from my dating history to all of my financial information, including access to all of my assets. Very scary, right? Think about it. If you don’t erase emails and you use a primary email account, you’ll probably find that just by looking through your email account, a stranger with bad intentions would know where all your money is kept. He’d also not only know who your friends and family members are, but many confidential matters involving them.
I’ve now answered the question “should you change your email account password?” with a resounding YES! But this may not be all you should do. I can’t recommend anything less than doing everything humanly and technologically possible to protect your email account as well as any information which can be hijacked or hacked or stolen from any source. In fact, I can’t even come close to suggesting every step you can take to best protect yourself. However, I can briefly tell you what I did this morning to protect my primary email account. This is without discussing the multiple password changes and security measures I took with my bank accounts, stock accounts, utility accounts, and otherwise.
First, I changed my email password
I did not write my new email password down. I spent several minutes, forever committing it to memory by using a mnemonic device. I used not only letters, but symbols and numbers. The harder and more complex the password is, the harder it is for a human or machine to crack. If it isn’t written anywhere, no one can find it. If you have to write your password down, don’t email it to yourself!
Second, I double checked and tested my recovery email address and recovery mobile number
In short, I made sure my email account was accurately connected to my recovery email address and mobile number. I tested by texting and emailing between my mobile and recovery account and my primary email account. Should I forget the password I didn’t write down, I could recover it through two established backup methods. I also changed my recovery email address. Wait, what if I forget it? Now I’m thinking of keeping my password in my shoe!
Finally, I set up multi-factor authentication
Because my email account is sacred and contains a lot of personal, financial and confidential communication, I took a step I think most hackers can never get around. For now, to log into my email account, I not only have to use a password that is only committed to memory via a mnemonic device, but I can’t get into it unless my email provider also texts me a security code which changes every time I log in. One type of “multi-factor authentication” is a text from the site or email provider you are trying to access. You have to provide your established password plus a security code that is texted to you each time you log in. Each time you log in, the security code is different. This makes being a hacker pretty difficult if he only has your password. He also needs to have your cell phone or a counterfeit alternative to it. Multi-factor authentication can be a tedious extra step. If you lose your phone you have to recover via your backup email address. However, if your account’s safety is important enough, the added effort is worth it.
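The password-plus-texted-code login described above, sketched from the email provider's side as an added example (not from the original post or any real provider's code). The `LoginService` class, its method names, the five-minute expiry and the in-memory `sms_outbox` standing in for an SMS gateway are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a texted code is valid for five minutes


class LoginService:
    """Toy provider-side login: password first, then a fresh texted code."""

    def __init__(self):
        self._passwords = {}   # user -> (salt, derived key)
        self._pending = {}     # user -> (code, expiry time)
        self.sms_outbox = []   # stand-in for the SMS gateway: (user, code)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, self._derive(password, salt))

    def start_login(self, user, password, now=None):
        """Factor 1: check the password, then text a new random 6-digit code."""
        now = time.time() if now is None else now
        salt, stored = self._passwords.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._derive(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"  # different on every login
        self._pending[user] = (code, now + CODE_TTL_SECONDS)
        self.sms_outbox.append((user, code))
        return True

    def finish_login(self, user, code, now=None):
        """Factor 2: accept the texted code once, and only before it expires."""
        now = time.time() if now is None else now
        # pop() discards the code on any attempt, so it cannot be guessed
        # repeatedly or replayed after a successful login.
        expected, expires_at = self._pending.pop(user, ("", 0.0))
        if not expected or now > expires_at:
            return False
        return hmac.compare_digest(expected.encode(), code.encode())
```

Someone who knows only the password gets through `start_login` but has no way to answer `finish_login`, because the code goes to the phone and is gone after one attempt.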
Pat Dickson