It wasn’t all that long ago that the use of web-based email or “webmail” was viewed as unprofessional and something that most people used only because it was free and convenient.
Submitting a resume with a Hotmail email address may well have raised some eyebrows. Microsoft has rebranded Hotmail as Outlook, and by virtue of the name change alone gave what is essentially the same webmail service added gravitas. Gmail never had the stigma of a Hotmail (or worse, AOL) email account, but as Google popularized cloud-based productivity suites it too gained greater acceptability as an appropriate email address for business use.
There has also been greater integration of webmail with other online services over the past few years. While overall this is a welcome step forward, it does come at a cost. A single compromised Google or Outlook password can now give away the keys to the kingdom and allow access to your email history, personal and business documents, photographs, and contacts.
As a result, along with the increased popularity of web-based email comes increased concerns about keeping those email accounts secure. A few simple steps can help lower the risk of your email account being compromised . These four practices aren’t specific to Outlook or Google -- they are true for any web-based email, and should help you keep your web based email safe:
Use a strong, unique password
Don’t reuse passwords from one online account to another. I know that it’s hard to keep them all straight sometimes, but you don’t want a data breach at some little website where you have an account to expose your email password as well. Exactly that has happened many times to many people.
If you want to make life easier on yourself, use a password manager. If you don’t use a password manager, at least use strong and unique passwords for important accounts like your email.
Use two-factor authentication
This will require you to enter a unique code in addition to your password when you sign in to your account on a new or untrusted device -- the code is usually sent via text message to your cell phone. Since two-factor authentication requires that you have access to both your login information and your cell phone to retrieve your code, it can protect your account from being accessed, even if someone has your password.
This is one of the easiest, most effective steps you can take to improve the security of your email. With Outlook, you can find the option to setup and enable two-factor authentication in the “Security and privacy” section of the Account Settings page. Google has a specific page that will walk you through the process for adding two-step verification for your Google account.
Do not share your password with anyone
Not your girlfriend, boyfriend, buddies … no one. All it takes is one argument or breakup, and someone who is angry with you has a quick and easy way to take some revenge. Most people are not going to go down this road, even when upset, but unfortunately, it does sometimes happen.
Don’t access your sensitive accounts over open public Wi-Fi
This is becoming less vital as always-on VPNs such as Android's "Wi-Fi Assistant" become more common, but it is still a rule to consider following. Yes, it will probably be fine, but there is always a small chance of a man-in-the-middle attack, and you should exercise caution.
This really applies to any sensitive information that you want to protect, not just email. I would strongly suggest that everyone consider the use of a VPN whenever taking advantage of public Wi-Fi.
So are these four steps guaranteed to keep your accounts secure? No, but they will make it far less likely that they will be compromised. The amount of effort these steps require is minimal, but the headaches they may help you avoid are significant.