Why are email accounts so important?

Your emails contain a lot of information about you, so it’s crucial you make your email password strong. If criminals get into your email account, they could access personal information that could be used to scam you or others. To make it harder for them, always use an email password that you haven’t used elsewhere. Your email inbox can also act as a ‘gateway’ to your other accounts. Once they can access it, a criminal could use the ‘forgot password’ option to request emails enabling them to get into other accounts, such as your social media.  

How to secure your email account.

1. Your email password
   • Using a combination of 3 random words creates passwords that are long enough and strong enough. Avoid words that can be guessed, like your pet’s name or birth month. Adding numbers and symbols is a good way to make your password even harder to guess.
2. Turn on 2-Step Verification (2SV) for your email
   • What is 2SV?
     • 2SV stands for Two-Step Verification, also known as Two-Factor Authentication (2FA). It is a security feature that adds an extra layer of protection to your online accounts. With 2SV enabled, you need to provide two different types of credentials to verify your identity and gain access to your account.
   • The Factors:
     • The first factor is typically your regular password or PIN, which you already know. The second factor is an additional piece of information that you have or something unique to you. This second factor is usually one of the following:
       • Something you have: This can be a physical device, such as a smartphone, security key, or a code-generating app. When you try to log in, you’ll receive a temporary verification code on your device, which you need to enter to complete the login process.
       • Something you are: This refers to biometric factors like fingerprint scans, retina or iris scans, facial recognition, or voice recognition. These methods use unique physical characteristics to verify your identity.
       • Something you know: This can be a unique code or a set of answers to personalized security questions. It is different from your regular password and adds an extra layer of protection.
   • By requiring both factors, even if someone manages to obtain your password, they would still need the second factor to access your account. This greatly enhances the security of your online accounts and protects against unauthorized access, even if your password is compromised.
   • Many popular online services, such as email providers, social media platforms, banking institutions, and online shopping websites, offer the option to enable 2SV. It is highly recommended to enable this feature wherever possible to enhance the security of your online accounts and protect your personal information.
3. How to turn on 2-Step Verification (2SV)    
   • Turn on 2SV for Outlook ·     
   • Turn on 2SV for Gmail ·     
   • Turn on 2SV for iCloud  
   • If you are using an email service that does not offer 2SV, consider switching to an email provider that does.

Creating your email password.

You can use a combination of three random words to creates passwords that are long enough and strong enough. Avoid words that can be guessed, like your pet’s name or birth month. Adding numbers and symbols is a good way to make your password even harder to guess.

You can Use a reputable password manager. Dedicated password management tools offer more advanced security features than browser-based password managers. They often encrypt your passwords with a master password that is not stored on the device.

How to check if one of your online accounts may have been compromised.

1. However strong your password is unfortunately it can be compromised if it is involved in a data breach. A data breach is an incident where unauthorized individuals or entities gain access to sensitive, confidential, or protected information stored within a system or database. During a data breach, personal, financial, or other sensitive data may be exposed, stolen, or compromised without the knowledge or consent of the data owner or the organization responsible for safeguarding the information.
2. Services such as www.haveibeenpwned.com can tell you if your personal information or any of your account passwords have been made public in a major data breach. If you have been affected by a data breach, you can find some useful information here from the National Cyber Security Centre on how to how to protect yourself from the impact of data breaches.

For more advice on how to stay secure online, please visit www.cyberaware.gov.uk