image of a padlock   Data Safety

The largest ever discovered data breach was disclosed this September, when Yahoo confirmed account information associated with at least 500 million user accounts had been stolen.  In May, it was discovered that more than 10 million Gmail and Hotmail credentials had been stolen, when they were found for sale on the underground market.  Chances are if you are reading this, you have a Gmail, Hotmail or Yahoo email account.  So it's just email, why should we worry about it?

Your first instinct may be that there is nothing a hacker would want with your email, but have you ever sent out a resume or other attachments with personal information from your account?  Have you used your account to sign up for on-line banking or credit cards, shopping sites, utilities, income tax filing?  If your account is compromised, criminals can mine information from your inbox and sent items and use it to set up credit cards and bank accounts in your name. 

It can be hard to tell if your email account is compromised.  If someone has your account credentials they can monitor and read your email without your knowledge.  They can also delete email notifications from your on-line accounts that are reporting on usage from "unknown" systems.  They can set up forwarding rules that send copies of your incoming and outgoing messages to a separate account.  They can send email and viruses to other people using your email address.

Here is what you should do to protect your data in email accounts:

1.  If your provider offers two-factor or multi-factor authentication, sign up for it. Two-factor or multi-factor methods are all but unbreakable by criminals.  Hands down, this is the best thing you can do to protect your email data.

Yahoo uses a feature called "Account Key" which send a code to your phone.  That code used along with your password ensures that you are the only one who can access your account.  

Gmail uses a similar solution, and they call it "2-step verification".

Hotmail and other Microsoft accounts call their solution "two-step verification".

Visit the site of your email provider to find out how to sign up.

2. Setup strong passphrases.

A passphrase is longer than a password, which makes it harder to compromise and easier to remember.  You may even take two of your passwords you have used in the past and combine them into one longer one.  One guideline is to not use popular phrases from books or movies as these are often guessed by criminals.  You need to pick words that matter to you, but don't matter to anyone else. For example, "NissanAltima" can be easily guessed.  Instead, you might try "My03AltimaIsBlue."

3. Create different usernames and passwords for your most critical sites.

Best practice is to use different passwords and user id's for each site you need to secure.   This can get overwhelming, depending on how many sites you belong to, but at least separate your most critical sites from your email and/or social networking credentials.  

One thing that can help are secured applications called "password managers".   These tools help you securely manage all the sites, passwords and user ids you use.  The more commonly used password management software include: Dashlane, KeePass, and LastPass.