eMail Security

posted Apr 22, 2013, 1:20 AM by Daryl du Plessis   [ updated Apr 22, 2013, 1:39 AM ]
A recent large-scale hack of Yahoo! email users compromised thousands of accounts in January of this year. The hackers then used these accounts to send spam, using the addresses found in the accounts. I know of a few people who had this happen to them, and the only way they knew about it was when they received emails that had bounced back, due to incorrect addresses in their address book, or when friends replied to the emails.

Yahoo! is not the only email provider to be hacked, only the most recent on this scale. Hotmail accounts have often been targeted, but really, any email provider is just as likely to be hacked. As a result, the email providers have increased security measures to prevent accounts being hacked, but these are only effective if they are enabled by the end user.

The first thing that should be done if an email account is compromised is to reset the password. With the recent Yahoo! hack, passwords weren't changed by the hackers, as they were only interested in sending spam using the account. The accounts that were hacked had weak passwords, which were guessed with what is called a dictionary attack, where a database of commonly used passwords is used to try to log in to your account. As a result, it is worth making your password more complex by substituting numbers and symbols, or just using made-up words. There are plenty of password generators you can use to create complex passwords; just do a search and you will find them. Better yet, use LastPass to manage your passwords (it has a built-in password generator; see the previous article I wrote on password management for more details).
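A defensive check against the dictionary attack described above, as an added example that is not part of the original post: it flags a password found in a common-password list, including after simple number and symbol swaps are undone, since such lists usually cover those variants too. The word list is a small constructed sample, and the function names and the 12-character minimum are assumptions.

```python
import string

# Constructed sample; a real check would load a large breached-password list.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "iloveyou",
                    "welcome", "sunshine", "dragon", "123456"}

# Typical number/symbol swaps, undone back to letters. "1" and "!" are
# ambiguous (i or l), so two tables are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
TABLES = [str.maketrans({**_BASE, "1": "i", "!": "i"}),
          str.maketrans({**_BASE, "1": "l", "!": "l"})]


def candidate_forms(password):
    """Return the forms of a password that a dictionary lookup should test."""
    lowered = password.lower()
    # Drop a trailing run of digits/symbols such as "1!" or "2013".
    stem = lowered.rstrip(string.digits + string.punctuation)
    forms = {lowered, stem}
    for table in TABLES:
        forms.add(lowered.translate(table))
        forms.add(stem.translate(table))
    return forms


def weakness(password, min_length=12):
    """Return a reason the password is weak, or None if no check fires."""
    if password.lower() in COMMON_PASSWORDS:
        return "common password"
    if candidate_forms(password) & COMMON_PASSWORDS:
        return "common password with simple substitutions"
    if len(password) < min_length:  # assumed minimum, not from the post
        return "too short"
    return None


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["letmein", "P@ssw0rd1!", "L3tm31n2013",
                   "vorplex-trundle-quib-49"]:
        print(sample, "->", weakness(sample) or "no issue found")
```

A long password built from several made-up words passes all three checks, while a common word with swapped characters does not.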

If your password is changed by a hacker, or you can't remember it, then you can use the password reset option. This comes back to the second thing that needs to be done: setting up a security question and answer. Typically you will be given a choice of questions that you can use to provide an answer that only you are likely to know, e.g. "Who was your favourite teacher?" or "What was your first pet's name?". This will be used when you reset your password. It is a good idea to make this a fairly obscure answer, otherwise it could be used to hack your account in the first place!

Another security option is to provide an alternate email address. This is useful if you need a password or password reset link sent to another address.

You can also add your mobile phone number to your account details. This can be used as another means of resetting your password or for multi-factor authentication. For example, when you log in with your password, you also need to enter a PIN sent to your mobile via SMS. Facebook also uses this to verify logins made from a new device or PC.

In short, make sure you have a strong password in place, check your account settings for additional security settings that can be enabled, and keep your passwords secure. If you have these measures in place, you are less likely to have the inconvenience of having to change your email address.

Happy emailing.