A recent NY Times article says it all: How can we mere mortals hope to keep our emails secure if the head of the CIA can’t? Granted, the FBI and CIA probably don’t care a bit about my emails. But knowing how email security works is a good idea for anyone who uses it. First, accept that if something is said in an email, it can be found out. This makes email just like anything else that’s written down, and just like things we mail in the US mail; anything can end up in unintended hands. Because the girlfriend used the same computer to send the “threatening” emails, once the FBI traced the IP address of her computer, it was able to find other email accounts related to that address, including the Gmail account she shared with the hapless CIA director. They could have hidden their computer’s IP addresses (the Times article tells how), but they didn’t take that step. The article also discusses encryption and using a separate device for anything that you don’t want connected to your everyday computer activities.
Having a good, strong password is another hot email security issue. Two-step verification for your email account is now almost standard procedure—if you haven’t already enabled two-step verification, do it now for your Gmail account. Essentially that just means that anytime someone enters your Gmail address and password to open your email, you’ll get a text message with a 6-digit verification code that has to be filled in to enter the account. You can designate your laptop, iPhone, etc. as a “safe” computer so the verification code won’t be required when you’re using your own personal computers. But it will be an eye-opener when you receive a text with a verification code and you’re not using your Gmail account: it means that someone else is trying to get in.
This NY Times Tech article about passwords is excellent. It points out:
- If your password can be found in a dictionary, you might as well not have one.
- Use a passphrase as your password. Pick a sentence, movie quote, or song lyric, and string together the first letters of the phrase to make one (non-word) password. “Please allow me to introduce myself, I’m a man of wealth and taste” becomes the password PAMTIMIAMOWAT.
- Storing passwords. If you store your passwords somewhere safe, you can copy and paste the passwords when needed, which means keystroke logging software won’t even get the password. What’s safe for storing passwords? An encrypted USB drive with a very, very complex password, and THAT’s the password you have to memorize.
- Use security questions in your own twisted way. The answers to common security questions might be known to those close to you, or easily found on the Internet. It’s best to make up a nonsensical answer to the common questions, and use that. For example: What’s the name of the hospital where you were born? Your (consistent and easily memorized) answer might be Buffalo Wild Wings. When you’re asked for your mother’s maiden name, your answer might be your mother-in-law’s maiden name.
- “You are your e-mail address and your password.” Have one or more throwaway e-mail addresses to use for online subscriptions and ordering. For the longest time, I had an AOL account that I used only for ordering Christmas presents. Or get fancy and use www.10minutemail.com. You can register and confirm an online account which self-destructs 10 minutes later.