With talk of email hacking you might wonder if your own email account is susceptible. The ideal email environment is an end-to-end encrypted email service, in which only the sender and receiver can read email messages. You have likely encountered such services before, as when you receive an email from your doctor. We wrote a little bit about encryption keys a few months ago, but the basic principle for encrypted email is that the sender and recipient have a pair of cryptographic keys: one private key and one public key each. The sender and recipient share their public keys, keeping their private keys secret. The sender encrypts his message using the recipient’s public key, and sends it to the recipient. The recipient gets the message and decrypts it using his own private key. Of course, this is the ideal situation. The fact is: it’s far more likely that you’re using Gmail.
And that’s okay. You still have access to measures to render your email more secure.
Two-Factor Authentication (or 2FA) to Prevent Email Hacking
Who among us hasn’t used the same password on more than one site? Who hasn’t downloaded software from the Internet? Who hasn’t clicked on a link in an email message?
Two-Factor Authentication provides an additional layer of security by requiring both a username and password, as well as something that only that user has access to. Most often, this is a code sent as a text message to your cell phone. But that’s not the only option. You can also receive a code via phone call, generate one with the Google Authenticator app for Android or iOS, or use backup codes that you’ve printed or downloaded for times when you don’t have access to your phone (while traveling internationally, for example).
If your phone provider is Verizon, however, we have some bad news. A hack reported on July 12 exposed Verizon customers’ names, phone numbers, and PIN numbers—enough information for a hacker to gain access to an individual’s account, even if two-factor authentication is enabled.
Security Keys for Even Better Protection
Want to make your Gmail account even more secure? You can use a physical security key that plugs into your computer’s USB port. If you use a security key like this, attackers will not be able to log into your Gmail account, even if they know your password… or even if they fool you into logging into an imposter site after you’ve clicked a phishing link in an email.
Google advises that a Security Key might be for you if:
- You don’t mind carrying it with you. A Security Key is small enough to fit on your keychain or in your wallet.
- You use the Chrome browser on your computer. Security Keys don’t work on other browsers, like Safari.
- You want better protection against online scams. Some scammers set up phishing sites that pretend to be Google and ask for 2-Step Verification codes. Security Keys use encryption and work only with the sites they’re supposed to, so they’re more secure from these kinds of attacks.
- (iPhone users only) You don’t plan to use your Google Account on your iPhone’s Mail, Calendar, or Contact apps. Security Key doesn’t work with apps that come on your iPhone, but you can use Google apps instead.
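The difference between a typed verification code and a Security Key comes down to what the server can check, and this added example (not Google's code and not from the original article) shows it: an authenticator-app code says nothing about the site it was typed into, while a key's response covers the origin the browser is on. Assumptions: the class and function names are hypothetical, the look-alike origin is constructed, and HMAC stands in for the per-site ECDSA key pair a real U2F key uses (a real site stores only the public key).

```python
import hashlib, hmac, os, struct

REAL_ORIGIN = "https://accounts.google.com"
FAKE_ORIGIN = "https://accounts-google.example"   # constructed look-alike origin

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 code (HMAC-SHA1), the scheme authenticator apps implement."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_accepted(secret: bytes, typed_code: str, now: int) -> bool:
    """Server-side check. Nothing in the code records which site it was typed into."""
    return hmac.compare_digest(totp(secret, now), typed_code)

class ToySecurityKey:
    """Hypothetical stand-in for a U2F key: HMAC replaces the per-site ECDSA key pair."""
    def __init__(self) -> None:
        self._device_secret = os.urandom(32)      # never leaves the device

    def site_key(self, origin: str) -> bytes:
        # A different key for every origin, derived on the device.
        return hmac.new(self._device_secret, origin.encode(), hashlib.sha256).digest()

    def sign(self, origin: str, challenge: bytes) -> bytes:
        # The browser, not the user, supplies the origin, and it is part of what is signed.
        return hmac.new(self.site_key(origin), origin.encode() + b"|" + challenge,
                        hashlib.sha256).digest()

def key_login_accepted(key: ToySecurityKey, registered: bytes, browser_origin: str) -> bool:
    """Real site issues a challenge; the key answers for whatever origin the browser is on."""
    challenge = os.urandom(16)
    response = key.sign(browser_origin, challenge)
    expected = hmac.new(registered, REAL_ORIGIN.encode() + b"|" + challenge,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    secret = b"12345678901234567890"              # RFC 6238 test secret, not a real account
    code = totp(secret, 59)
    print("code typed on any page still verifies:", code_accepted(secret, code, 59))
    key = ToySecurityKey()
    registered = key.site_key(REAL_ORIGIN)        # stored by the site at enrolment
    print("key used on real origin:", key_login_accepted(key, registered, REAL_ORIGIN))
    print("key used on look-alike:", key_login_accepted(key, registered, FAKE_ORIGIN))
```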
To add a security key to your Gmail account, order a FIDO U2F Security Key on Amazon for under $18. You’ll need to carry this with you any time you want to access your email (i.e., all the time). Once you have it in hand, follow this guide for pairing it with your Gmail account; it’s considerably better than Google’s instructions.
One thing to remember is that—up until recently—having a Gmail account meant accepting the fact that your correspondence would be mined so that personalized ads could be served to you. On June 23, Google announced that it would STOP reading your emails, presumably to attract more corporate customers.
Interested in making your email more secure? Contact us!