5 Essential Steps to Keep Your Email Safe

Hacks are surprisingly commonplace. In 2014, for instance, nearly half of all American adults had some form of data stolen from corporate servers in a 12-month span, according to CNN. Credit cards, telephone numbers, and login credentials are falling into the hands of bad actors who can use that information to access linked accounts.

And that’s just one way hackers can work their way into your most private information. Whether you’re trying to secure your personal correspondence or lock down trade secrets, these five rules for email safety can save you from some of the most common and preventable hacks.

1. Always enable Two-Factor authentication

Using two-factor authentication (2FA) is a simple but powerful security measure. It ensures that even if someone has your password, they still need something else before they can get into your account. That something else may be a variety of things, from the answer to a secret question to a fingerprint. Some forms of authentication, such as SMS or email verification, are less secure than others. Be sure to choose an email provider with safe 2FA. Many smaller email companies still do not offer any two-factor authentication, and some big providers, such as Yahoo! Mail, only offer 2FA via SMS. ProtonMail users can enable 2FA via a software token, in which a unique code is delivered to an app on a second device.

2. Take password security seriously

Everyone says this, but it doesn’t appear to be sinking in. A recent Google study found that the most common passwords are 123456, password, and 123456789. If you’ve got unhealthy password habits, we recommend using a password manager like 1Password, which helps you create a different, strong password for each of your online accounts. (Make sure you use the encrypted backup feature.) Your passwords should be at least 16 characters using a mix of numbers, letters, and punctuation. In this way you can fend off brute force attacks. Avoid writing down your passwords, and never share them with anyone. Never re-use passwords between different accounts.

3. Use encrypted email

Corporate data breaches have affected millions of people. Hackers have gotten into the servers of some of the largest companies in the world, including Yahoo!, LinkedIn, and Tumblr, stealing passwords, phone numbers, and credit cards. Switching to an encrypted email provider, specifically one with end-to-end encryption and zero access encryption, provides a technical solution to this problem.

For example, because all emails stored on ProtonMail are protected with zero access encryption, even a break of ProtonMail’s servers won’t leak your private communications (unlike what happened with Yahoo! Mail). In short, encryption can dramatically improve the security of your communications.

4. Protect yourself from phishing attacks

Phishing is a common way hackers can gain access to your devices and accounts, and millions of people fall victim each year. Criminals send a legitimate-looking email asking you to click a link or download an attachment. The link may ask you to enter your password (i.e. send your credentials to the hacker) or automatically download malicious software. We talked in depth about how to prevent phishing attacks in a previous article. Among our tips, pay close attention to tell-tale signs of phishing, like unofficial or misspelled email addresses. Never download or click on anything from someone you don’t know. Your email provider may offer additional protection. ProtonMail is unique in that we provide a special set of security features designed specifically to prevent ProtonMail users from being phished.

5. Protect your devices

Here’s an easy way to hack into someone’s email account: Steal their phone while they’re using it. Often the most effective hacks are also the least low-tech. Device theft is one. Keylogging software and other types of spyware are also concerns. Be aware of your physical security when traveling and in public, and always set a password for your device. (Many apps, including ProtonMail’s, also allow you to add extra security, such as entering a PIN or Touch ID for each new session.) To prevent device hacking, check out our above-mentioned article on phishing, don’t click untrusted links, and always install the official security patches and updates for your device. If you are using a public computer, don’t forget to log off!

We spend a lot of time thinking about security here at ProtonMail, particularly since we protect the communications of many high profile targets, like journalists. If you feel you might be at heightened risk of cyberattack, we also recommend reading our online security guide for journalists, which contains some more advanced tips for overall digital security.

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Ben Wolford

Ben Wolford is a writer at Proton. A journalist for many years, Ben joined Proton to help lead the fight for data privacy.


Comments are closed.

34 comments on “5 Essential Steps to Keep Your Email Safe

  • “Your passwords should be at least 16 characters using a mix of numbers, letters, and punctuation.”

    And yet you allow passwords like “test” or “1234” at signup, please fix this.
    If one of the involved parties has a weak password it exposes all other parties too, who did everything to secure their mailbox. Please enforce a minimum password strength.

  • Question if I use a backup email address when I sign up is that a way for a back door into my account then they can use my gmail account to get in then bang not private/ confidential gine

    • The recovery email address you use at sign up can be used to recover your account. This however will imply setting a new password to your ProtonMail account, which will make the old emails in your inbox unreadable as they cannot be decrypted anymore. They would need your original password to decrypt old emails. Be sure to protect your Gmail account with additional security layers, such as 2FA.

  • Protonmail is even easier to use than Gmail. Set up ProtonMail for your parents.

    The person who leaked the CIA’s hacking tools will never be caught. The person who leaked the NSA’s hacking tools (and is now selling them!!) will never be caught.

    Get in there and leak everything from the rich and powerful! A new and better age awaits us all.

    Use encryption, ProtonMail, “SecureDrop”, Tor, etc.

    It’s a whole new era for humanity!

  • “Everyone says this, but it doesn’t appear to be sinking in. A recent Google study found that the most common passwords are 123456, password, and 12345678”

    its hard to say whether its actually sinking in or not, some accounts just arent that important. i use a password manager and secure passwords for all my important sites now but there are still a lot of sites where i use basic 123456 type passwords because they are easier to type in on a phone.
    password managers have improved a lot the last few years so its now possible to fill secure passwords on a phone with ease, but i still havnt bothered to convert them to be secure ones because it really doesnt matter if those accounts are hacked or not.

    so its sunk in for me, but im still using mostly terrible passwords and it might be the same for a lot of others, who knows!

  • I was wondering if there is a reason why you are advertising a proprietary password manager over an open source one, like KeePassXC? Since KeePassXC also uses a AES-256 encryption key, would it not be better to chose the open source version where the code can be checked? And as far as I was aware, you were wanting to open source your codes as well, so supporting other open source projects seems better in my opinion.

    • We do indeed support open-source projects. We chose a service that is easy to use by non-techsavvy users. We will add a note about this. Thank you for flagging this!

  • I had to give a security company my ID, from this email. It turned out they tricked me. Now they have access to what I write here. Can I change my username & my PW so that I can use it …instead of the one that is there?

  • Hello guys, and thank you.
    1 – My know how with git is a little bit young,
    2 – My know how about programing languages, maybe wasn’t what you looking for, because my experience comes from assembler (uP 8080 / 85) and so on. Yes, I know also C, css, HTML, BASIC, and other’s; but…
    Anyway last word is with you.
    Right now, I’m a little bit rush, so…
    Thank you again

  • DARPA was created by the USA in the late 50;s. From there forward CERN expanded on it. TOR was also an AMERICAN creation, It’s almost like they were protecting themselves against themselves. I’m just glad there is a way to avoid the loss of privacy that was not a concern of mine when I was growing up, or even 20 years ago, but has become the “status quo” lately. (Unless you can buy back you privacy, i.e.your dirty secrets, Donald.)

  • Hello I need to cancel my account. The email I wanted to open wouldn’t open with this app.

    • Hi Manni! Not too late. You can add a recovery email address by logging in to your account at mail.protonmail.com and going to Settings -> Account.

  • Why is it that each time I open my email through this ProtonMail, it default to chrome browser and stays in history? I have a feeling that all my accounts are compromised, I did everything but nothing works. I changed passwords many time and as soon as I logged in it tells me right away that password is incorrect. Thinking on purchasing maybe a premium plus for added protection.