Email is by now a fairly old service, and almost everyone has at least one email address. Even someone who communicates mainly over Twitter (think DMs) needs one to recover the account if there is a problem with the username or password, and the same holds for other social networks (FB, LinkedIn …). Such a person may well not use the email account every day, but they still have one.
In the business environment, email is the primary method of communication for most companies, and it has become quite normal for an email exchange to be treated exactly like an exchange of official documents (in some cases additional mechanisms such as a digital signature are needed so that the electronic document has the same standing as a printed, hand-signed document on paper). The main reason email is so popular is that a message does not have to be answered immediately, as is the case with SMS; it can be answered later, which is a big plus in a business environment (this does not mean a reply can wait for days; the normal expectation in business is about 24 hours).
What’s the difference between regular email and webmail?
Initially, we had a desktop mail client such as MS Outlook installed on our computers, with all our accounts configured in it and messages synchronized through it. As mobility became a trend, this turned into a limiting factor, and users slowly moved to web-based clients, which need no special program or operating system, only a web browser (IE, Chrome, Firefox, Opera, Safari …). The browser need not even be full-featured and can run on a mobile phone. The big players quickly joined in, so today there are many such services, the best known being Gmail, Yahoo, Hotmail, Outlook, MailRU and many others.
What can we do to further protect our webmail account?
Here are some things anyone can do to further secure their webmail account:
– A strong and unique password – A strong password is one that is difficult to break with the various kinds of brute-force attack, which primarily comes down to complexity (a minimum of 8 characters, of which 2 lowercase letters, 2 uppercase letters, 2 numbers and 2 special symbols, composed so that the result is not a meaningful word). Unique means that the password is not reused in multiple places or on different sites. Reuse is one of the biggest problems: after a major incident involving a data breach, attackers try the password they found for an account on other sites where the same user has created an account. This is how someone gets into a Gmail account, otherwise one of the best-protected systems, just because the user chose the same username and password on a poorly protected site.
– Using a password manager to generate and store passwords is good practice for many reasons. The basic one is that we do not have to remember and constantly type the complex passwords we have generated. The second is that these applications generally have a strong password generator built in. The third, and more important, is that they can help against various kinds of targeted phishing attack, where we receive mail with a link to a site that visually imitates the real one and asks for your username and password. If this happens, the password manager will notice that this is not the right site: where it would normally fill in your username and password automatically, it will not do so, but will report a potential phishing attack and ask you what to do next.
– Multifactor authentication – This is a recent trend, and almost all serious webmail services have introduced multifactor authentication (MFA). The basic idea is that if someone somehow obtains your username and password, they still cannot access the webmail, because they need one more thing: access to your mobile phone, where the PIN required in the second step arrives. A new PIN is generated each time and is mostly sent by SMS to the mobile number registered in advance. This can be off-putting at first, because every time you log in on a new computer you have to enter a PIN, and because you always need to have your cell phone at hand; if you forget it somewhere, you will not be able to access your webmail account. So that you are not asked for a PIN every time, which would be tedious, the location, IP address and device used for access are monitored, and the PIN is requested only when these change; otherwise the device is considered already trusted.
– Set up a recovery email and phone number – This is something we need to do if we want to be sure that we can regain access to our webmail account at any time, because the recovery address or phone number is what will be used to recover the account. Keep this information up to date: we often change a phone number or email address when changing jobs or for some other reason, so keep an eye on it.
– Review of recent activity in the mail account – On most webmail services you can log in and go to a special page that shows the latest activity in your account. This is very important because this data cannot be deleted to cover up a trail; every activity remains permanently logged. We need to review this list regularly so that we detect unusual activity on the account in time and respond promptly (it is of little use to discover after a month or more that someone accessed the account).
– Review of trusted devices – As with the previous item, most webmail services let you see a list of all devices, with IP addresses and other details, that have accessed the webmail account. This should also be reviewed periodically, as it may show devices other than ours that have had access to the account. There is also a separate list of trusted devices, which do not require additional verification measures such as a PIN.
– Reviewing Granted Account Access Rights to Other Users or Applications – This is something that someone who has had even brief access to the webmail account can change. Most webmail services call it DELEGATION: giving specific users or applications access to the webmail, with capabilities ranging from reading mail to writing and sending mail from that webmail account. This should definitely be checked periodically.
– Checking Forwarding From Mail Accounts – Forwarding is very useful, and many of us have set it up so that most of our accounts are redirected to the one webmail client we use daily, such as Gmail. The problem is that a hacker can exploit this and, through forwarding rules, set himself up as a recipient of the mail, thus gaining permanent access to everything that arrives at your mail account.
– Keep an eye on where you access it from – This is something that most people (security professionals aside) think about only in general terms. The point is that when we access webmail from public places such as internet cafes, Apple kiosks and the like, we are not protected at all, because we have no idea what was installed on such a computer, by whom and when. This is very risky because such computers may contain keylogger software or any other malicious software that can steal your username and password. Lately even banks have been struggling with hackers installing such software on ATM devices, so you can imagine the situation with a computer in a gaming room.
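The password-manager item above says the manager refuses to fill in credentials on a look-alike page. The sketch below is an added example, not code from any particular password manager, showing the exact-origin comparison that makes this work; the vault entry and every URL are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault entry: the login is bound to the origin where it was saved.
VAULT = {("https", "mail.example.com"): ("alice", "constructed-password")}


def origin_of(url):
    """Return (scheme, ascii_host) as a browser would resolve it, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # .hostname drops any user@ prefix
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        # Punycode-encode so look-alike Unicode letters never equal ASCII ones.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return parts.scheme, host.lower()


def autofill(url):
    """Return the saved credentials only on an exact origin match, else None."""
    origin = origin_of(url)
    return VAULT.get(origin) if origin else None


def check(url):
    """Describe what the manager does on this page."""
    if autofill(url):
        return "fill"
    origin = origin_of(url)
    if origin and origin[1] in {host for _, host in VAULT}:
        return "refuse: same host but not HTTPS"
    return "refuse: no saved login for this site, possible phishing page"


if __name__ == "__main__":
    for page in ("https://mail.example.com/login",
                 "https://mail.example.com.account-verify.test/login",
                 "https://mail.example.com@login.test/",
                 "http://mail.example.com/login",
                 "https://mail.ex\u0430mple.com/login"):  # Cyrillic 'a' in the host
        print(check(page), "<-", page.encode("ascii", "backslashreplace").decode())
```

A person reading the address bar can miss every one of the refused cases; the comparison cannot, because it works on the resolved host rather than on what the page looks like.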
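The review items above (recent activity, trusted devices, delegation, forwarding) amount to one recurring check. The following added example, which is not from the original article, runs that check over a constructed activity log; the log format, event names, device names and addresses are all hypothetical and do not match any provider's export.

```python
KNOWN_DEVICES = {"alice-laptop", "alice-phone"}              # owner's devices (assumed)
OWN_ADDRESSES = {"alice@example.com", "alice@work.example"}  # owner's mailboxes (assumed)

# Constructed activity log: timestamp, event, then key=value fields.
LOG = """\
2024-05-01T08:02:11Z login device=alice-laptop ip=198.51.100.10
2024-05-01T08:05:40Z forward_add device=alice-laptop ip=198.51.100.10 target=alice@work.example
2024-05-02T03:14:07Z login device=win-pc-unknown ip=203.0.113.77
2024-05-02T03:15:31Z forward_add device=win-pc-unknown ip=203.0.113.77 target=collector@mailbox.test
2024-05-02T03:16:02Z delegate_add device=win-pc-unknown ip=203.0.113.77 target=app-7731
2024-05-02T03:16:45Z trust_device device=win-pc-unknown ip=203.0.113.77
"""


def parse(line):
    """Split one log line into a dict, or return None for blank/short lines."""
    tokens = line.split()
    if len(tokens) < 2:
        return None
    fields = dict(kv.split("=", 1) for kv in tokens[2:] if "=" in kv)
    return {"ts": tokens[0], "event": tokens[1], **fields}


def review(log_text):
    """Return (timestamp, event, reasons) for every entry the owner should question."""
    findings = []
    for line in log_text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        reasons = []
        # Any sign-in or settings change from a device the owner does not recognise.
        if entry.get("device") not in KNOWN_DEVICES:
            reasons.append("unrecognised device")
        # A forwarding rule whose target is not one of the owner's own mailboxes.
        if entry["event"] == "forward_add" and \
                entry.get("target", "").lower() not in OWN_ADDRESSES:
            reasons.append("forwards mail to an outside address")
        if reasons:
            findings.append((entry["ts"], entry["event"], reasons))
    return findings


if __name__ == "__main__":
    for ts, event, reasons in review(LOG):
        print(ts, event, "; ".join(reasons))
```

The owner's own forwarding rule from the first day passes, while the night-time sign-in and the three settings changes that follow it are all reported.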
Finally, I would like to emphasize that an email account today is very similar to your credit card because your entire online life is tied to it, and it is therefore very important to take every possible precaution in time so that it is not too late.