Email security tips for everyone, not just American politicians
One of the biggest news stories of the current USA election process is the hacking and WikiLeaks release of the emails of Hillary Clinton’s advisors.
Who carried out these hacks is not relevant to this article, but how they were carried out should be of concern to every email user, whether you are running for President or not.
If the advice below had been followed, it is very unlikely that these email accounts would have ever been compromised.
- Use a strong password
A strong password is difficult to break by ‘brute force’. In the case of the Hillary Clinton emails, it would appear that the password being used by the political advisor (John Podesta) was ‘guessed’. This does not usually mean that the hacker manually attempted to guess the password (although they would have tried the usual ‘weak passwords’ such as ‘password’ or ‘pa55word’ first).
Brute force hacking is usually carried out by an app/program running on a computer or multiple computers, which attempts thousands of passwords per minute until it guesses correctly. These programs may take considerable time to guess the password, but they are usually successful if the password is not strong enough.
Example of a strong password: 59(t£gsT&9hZ4#h3 (Yes, incredibly impractical, but this is a good example of the type of password you should be using.)
- Weak passwords
Weak passwords are usually made up from real words and names, sometimes prefixed by numbers, e.g. 1781Roses, or with numbers substituting the letters, e.g. W1ndm1ll or Ph0n3.
These weak passwords are very easy for hackers to guess; in fact, most brute force hacking apps will try number substitution very early on in the hacking process.
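The two patterns described above can be tested for before a password is accepted. The following is an added example, not part of the original article; the word list is a tiny constructed sample, and the names `WORDLIST`, `LEET`, `candidate_words` and `weakness` are made up for illustration.

```python
import re

# Constructed sample list. A real check would load a large list of common
# words, names and previously leaked passwords (assumption, not from the article).
WORDLIST = {"password", "roses", "windmill", "phone", "letmein"}

# Common substitutions, mapped back to the letter they stand in for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidate_words(password):
    """Return the plain forms this password reduces to."""
    lowered = password.lower()
    # Pattern 1: a real word with digits on the front or back (1781Roses).
    stripped = re.sub(r"^\d+|\d+$", "", lowered)
    forms = set()
    for form in (lowered, stripped):
        forms.add(form)
        # Pattern 2: digits or symbols replacing letters (W1ndm1ll, pa55word).
        forms.add(form.translate(LEET))
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def weakness(password, wordlist=WORDLIST):
    """Return the dictionary word the password is built on, or None."""
    for form in sorted(candidate_words(password)):
        if form in wordlist:
            return form
    return None


if __name__ == "__main__":
    # The article's own examples, followed by its strong password.
    for pw in ["1781Roses", "W1ndm1ll", "Ph0n3", "pa55word", "59(t£gsT&9hZ4#h3"]:
        word = weakness(pw)
        verdict = f"weak (based on '{word}')" if word else "no dictionary word found"
        print(f"{pw}: {verdict}")
```

A result of `None` only means the password is not a disguised entry from the word list; it says nothing about length or reuse.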
- Use unique passwords
It is important to use a different password for each system, i.e. you should never use the same password for your email as you do for Twitter or Facebook. If you do, then it is very easy for the hacker to hijack your other accounts.
- Turn on two-factor authentication
Sounds technical, but in fact it is simply an additional layer of security that ensures that no other devices can access your account. Even if the hacker has discovered the password, they will still need the code that will get sent to your phone via text message.
- Watch out for phishing sites
Phishing works like this: The hacker sends an email which looks legitimate but is actually a fake. The end user clicks a link in the email which goes to a page that looks like the login page for their email account, bank, or an online system such as Dropbox. The user then enters the login and password thinking they are accessing their own account; however, without realizing it, they have just given their password to the hacker. Now the hacker can use this password to log in to the user’s system and exploit it in any way they wish.
- Use a Password manager
Password managers are apps and services that keep track of all your passwords in a secure environment, ensuring that you never lose access to vital services. Many will also complete online password forms for you automatically, saving you having to type in those ultra strong passwords that we recommended. Free password managers are available at www.dashlane.com, www.lastpass.com and www.logmeonce.com, amongst others.
- Change your passwords today!
Your accounts may already have been compromised, so change them today. Then continue to change them on a regular basis. We know it’s a pain, but your online identity and financial stability could be at stake.