How can I avoid my email being hacked while online?

Drsunil V May 5, 2014
Pinterest Stumbleupon Whatsapp

How can I avoid my email address being hacked online? Many webpages ask to register with an email and a “password” which can be the same as for email address itself. Is this an intentional by miscreants who intend to utilize their subscriber’s email addresses unrighteously?

Ads by Google

  1. Bruce E
    May 5, 2014 at 4:28 pm

    The only other thing to add here is you should have at least 2 email accounts. If you use the second one for nothing else, set it up as the "alternate account" for your primary email in case something happens to the first. It will allow you to get a password reset email or whatever else is necessary in the event your primary email account has a problem. Without this, you may have no options for recovering the first email account.

    • Drsunil V
      May 5, 2014 at 5:08 pm

      Please tell , do disposable emails help in this regard?

    • Ben S
      May 5, 2014 at 5:19 pm

      I wouldn't recommend a disposable email for a secondary email. It can easily be accessed by someone else or delete important messages. Set up a real email.

    • Bruce E
      May 5, 2014 at 6:03 pm

      A disposable email is just a temporary thing. You don't want temporary for something critical, such as a recovery address. It is something that MUST be there at all times just in case you need it.

    • Drsunil V
      May 7, 2014 at 4:03 pm

      I understood points of both of you

  2. Oron J
    May 5, 2014 at 11:23 am

    Well, after such great answers from Ben and Tim, there's not a whole lot to add, except for one thing. The reason why websites ask for your email address is that they need a unique username, and hopefully one which you will remember. By using your email address, they achieve both those aims. The address also provides them with a way of of communicating with you should it become necessary (for example, to send you a password reset link) and that is a secondary benefit.

    No harm in reiterating what has already been said about passwords. You should keep your passwords separate. You should definitely not use your email password for anything else at all since your email essentially establishes your identity (i.e. anyone who can access your email will be able to pretend to be you and access anything you can currently access, or even subscribe in your name to other services).

    If you are concerned about giving your normail email address to all those sites, you can set up a separate email account for the purpose. Some email services like outlook.com even have an "alias" option which makes it easier to manage the additional account.

    • Drsunil V
      May 5, 2014 at 5:07 pm

      Please tell , how can one rely on password managers to be fool-proof

    • Bruce E
      May 6, 2014 at 5:51 am

      It isn't a matter of password managers being fool-proof. Nothing is fool-proof. If you build something that is fool-proof, someone else will come along and build a bigger fool.

      If a user wants to use poor quality passwords on a site, a password manger will still remember all of them securely for you. The advantages of a password manager are: you only need to remember the master password to open your password vault; once logged into the manager, it will auto-fill the username and password (and possibly other site-specific fields with some software); most password managers can generate more secure pseudo-random passwords than a person can; some password managers can run audits on your passwords and tell you if you are using the same password on multiple sites; some allow the user to save secure notes; and most will allow the user to automatically fill web-based forms (new site registration, etc).

    • Drsunil V
      May 7, 2014 at 4:03 pm

      Thanks! Nice of you both to put efforts on this topic

  3. Tim B
    May 5, 2014 at 3:10 am

    Ben has made a great answer above, and I've little to add beyond the obvious: what password YOU choose to use on any given website is YOUR responsibility. If you are using the same password more than once (anywhere, for anything) then you are not taking all the precautions you can to prevent your accounts from being hacked. It is simply wrong to assume website owners want to phish your password simply by allowing you to sign up with an email address.

    You should never under any circumstances use the same password more than once, especially your email password. Your email account is your last line of defence – it allows you to reset all of your other accounts should they be breached. You should enable two-factor authentication to make it next to impossible for anyone other than you to access it.

    Learn about two-factor authentication: http://www.makeuseof.com/tag/what-is-two-factor-authentication-and-why-you-should-use-it/
    Some services that you should lock down with it: http://www.makeuseof.com/tag/lock-services-now-two-factor-authentication/

    I personally don't know any of my passwords, because they're all randomly generated 20+ character long gibberish that I recall from a database as and when I need them. Look into 1Password, Dashlane, KeePass and any other "secure password manager" type software if this appeals to you!

    • Drsunil V
      May 5, 2014 at 5:17 pm

      Thanks. Your answer is nice. Please note that I am not assuming for any website owner but query is for a small percentage of webpages which may be registering for unrighteous reasons

  4. Ben S
    May 5, 2014 at 2:37 am

    First off, and most importantly, you should be using different passwords for every online account, which answers your original question. Also, your email should be one of your best passwords, because if someone gets into it they can reset your other passwords.

    That being said, usernames and passwords are very standard on the web - it's up to you to not use the same password on a website as on your email. Legitimate websites won't do anything with your login info, but the more places you use a password the more likely it is to be compromised.

    Using a password manager, like LastPass, can help greatly in this. It remembers your passwords for you, so you can let it create strong ones and be even safer.

    I also greatly recommend enabling two-step authentication on every site you use that allows it, especially your email. This requires you to have a mobile device to login, protecting your account even if someone were to get your password.

    Lots of bad things can happen online, but with some common sense and a bit of help, you'll be very secure. If you change all your passwords to be more secure, unique, and use two-factor authentication, you'll be well off.

    • Drsunil V
      May 5, 2014 at 5:12 pm

      Thanks. How can password manager's password be prevented from being hacked?

    • Ben S
      May 5, 2014 at 5:18 pm

      I'll refer you to two links to read more about this, as it's beyond the scope of this discussion.

      http://www.makeuseof.com/answers/how-secure-is-lastpass/

      http://lifehacker.com/is-lastpass-secure-what-happens-if-it-gets-hacked-1555511389

      In short, use a secure password and 2-step there and you should be okay. It's much more secure than using poor passwords.

    • Drsunil V
      May 5, 2014 at 5:23 pm

      Please also tell , is it better to utilize chrome's own remember password option than to rely on manager app to remember password?

    • Ben S
      May 5, 2014 at 5:27 pm

      Absolutely not. Browser password managers shouldn't be used. If you're going to use a password manager, use something like LastPass, not the browser's built-in one.

      They're insecure and not encrypted like LastPass is. They can potentially be viewed by other users on the computer.

    • Drsunil V
      May 6, 2014 at 4:59 pm

      Thanks. Nice to see your interest on internet security. Please tell , like chrome's inbuilt feature , doesnt lastpass chrome extension also be viewed potentially on other devices signed into same google account?

    • Ben S
      May 6, 2014 at 7:35 pm

      As long as you have LastPass' extension set to automatically sign out, and you don't have it remember your password, you should be fine.

      Please understand that using the Internet in any way carries some risk. You can't guarantee 100% that you'll ever be completely safe from any possible issue, but you can reduce your chances of problems. Keep your Google account secure, don't share your passwords, and keep tabs on your hardware. You'll be fine.

    • Drsunil V
      May 7, 2014 at 3:58 pm

      Thanks. Your answers have been positive across multiple cross-queries.

Ads by Google