Improve your weak email security
Your email password is far less secure than you may think. Sure it may be complex (at least we hope so) but who else may know your password? Below are common ways others can find your password.
HOW MANY PASSWORDS?
Many people sign up to subscriptions on the internet which can include:
- Joining a newsletter membership
- Downloading a free application that first requires an account setup with a password
- Purchasing items online
- Creating new email accounts
We normally have a small sets of passwords which we use or recycle when we are asked to create new passwords. This is understandable as it is too darn hard to remember a new password for ever new account we sign up for. Some of us write these passwords in a book or in a password management application.
Personally, I have around 58 personal passwords in my database for different sites and services of which I have subscribed. I have another 30+ passwords for my business, which is shared with staff.
There are countless ways that your password can get into the wrong hands. One of the most common ways is from hackers accessing it through vulnerabilities in websites. I recently wrote an article about this and recommending you change your passwords often. Have a read of it here.
THE RISKS OF RECYCLING PASSWORDS
The two items Hackers will target are Credit card details and email accounts.
Last year we had a customer come to us with a potential disaster problem. They had received a call from their financial planner following up on emails apparently received from the client over the last few weeks. The most recent email authorised the financial planner to request a transfer of $150,000 into an investment opportunity.
The client up to this point had no idea that this type of fraud was being committed. The financial planner tried to email the client but the client did not receive them. The hacker had obtained login information in the client’s hotmail account and was screening the emails.
The client was very lucky the financial planner took measures to confirm the transaction.
However, it is a good example of how potentially disastrous unauthorised access to your account login details can be.
SOLUTION - 2 STEP AUTHENTICATION
As a precautionary measure, we are now recommending all users increase their email security by implementing 2-step Authentication. The 2-step authentication procedure changes the way you sign into your email account. The first step is normal where you enter your regular password but then you are prompted with an additional verification code which is sent to your phone; similar to the process implemented by some of the major banks. Our prefered email supplier and 2-Step authentication is through Google Apps.
Here are the ways you can have the additional code:
- Get codes via text message. Google can send verification codes to your cell phone via text message. Your carrier's standard messaging rates may apply.
- Backup phone numbers. Add backup phone numbers so Google has another way to send you verification codes in case your main phone is unavailable.
- Want a phone call instead? Google can call your cell or landline phone with your verification code.
- Backup codes. You can print or download one-time use backup codes for times when your phones are unavailable, such as when you travel.
- No connection, no problem. The Google Authenticator app for Android, iPhone, or BlackBerry can generate verification codes. It even works when your device has no phone or data connectivity.
- Register your computers. During sign-in, you can tell us not to ask for a code again on your computer. We'll still ask for codes on other computers.
If you don't use gmail to access your emails and instead you use an email application such as Microsoft Outlook, Apple Mail or even have emails on your mobile phone, then it is recommended you use the 2-Step authentication to generate a one time application specific password. This will protect you in the event hackers extract your main password from your email application, which is pretty easy to do with tools such as mailpv
SETTING IT UP
To Setup 2-Step Authentication in Google App, you first need to enable it for your Google Apps domain.
- Sign in to the Google Admin console.
- In the new Admin console, click Security > Basic settings.
- Under 2-step verification, check Allow users to turn on 2-factor authentication.
This makes 2-step verification available for your users, but does not automatically enroll them. To enroll, users need to configure their verification settings individually.
Next you need to have the users enable this individually on each of their Gmail accounts.
- Sign into your gmail account www.gmail.com
- Go to your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then clicking
- In the Password box, click Setup next to "2-Step verification." This will bring you to the 2-step verification settings page.
- You will then see a step-by-step guide which will help you through the setup process.
- Once you’re done, you’ll be taken to the 2-step verification settings page again. Be sure to review your settings and add backup phone numbers.
- You’re done! Next time you sign in, you’ll receive an SMS with a verification code.
Users who only access their Google Account from Android devices can use a short walkthrough to set up the Google Authenticator application on their phones. With Google Authenticator, you can generate verification codes on your phone even if your phone isn't connected to a network.
- Follow steps 1-2 in the instructions above to access your 2-step verification settings and then click Settings.
- Android users (4.0 or older) will see a screen providing an option to install the Google Authenticator app.If you prefer to receive codes via SMS instead of using the Google Authenticator app, click on the link at the bottom of the screen that says "You can receive codes by text message (SMS) or voice instead" and follow the instructions to complete the setup.
- If you would like to use Google Authenticator, click "Send me the app" to install the app on your phone and follow the instructions on your screen to complete the setup process.
- Verify that the time on your Android device is correct.
- You’re done! Next time you sign in, you’ll be prompted to enter a code that you’ll get from the Authenticator app.
Email Application Setup
If you use an email application such as Outlook, Apple mail or iPhone/iPad then you need to generate a one time authentication password to setup these devices so you're covered as discussed earlier.
Here is a video on how to set this up on your device.
If you have any questions or need some assistance with setting up email security for your business, please feel free to email me at GoogleAppsSupport@onsitehelper.com or call us on 03 9999 3106.