ProtonBlog(new window)

5 Essential Steps to Keep Your Email Safe

Share this page

Hacks are surprisingly commonplace. In 2014, for instance, nearly half of all American adults had some form of data stolen from corporate servers in a 12-month span, according to CNN(new window). Credit cards, telephone numbers, and login credentials are falling into the hands of bad actors who can use that information to access linked accounts.

And that’s just one way hackers can work their way into your most private information. Whether you’re trying to secure your personal correspondence or lock down trade secrets, these five rules for email safety can save you from some of the most common and preventable hacks.

1. Always enable two-factor authentication

Using two-factor authentication (2FA)(new window) is a simple but powerful security measure. It ensures that even if someone has your password, they still need something else before they can get into your account. That something else may be a variety of things, from the answer to a secret question to a fingerprint. Some forms of authentication, such as SMS or email verification, are less secure than others. Be sure to choose an email provider with safe 2FA. Many smaller email companies still do not offer any two-factor authentication, and some big providers, such as Yahoo! Mail, only offer 2FA via SMS. Proton Mail users can enable 2FA(new window) via a software token, in which a unique code is delivered to an app on a second device.

2. Take password security seriously

Everyone says this, but it doesn’t appear to be sinking in. A recent Google study(new window) found that the most common passwords are 123456, password, and 123456789. If you’ve got unhealthy password habits, we recommend using a password manager like Proton Pass, which helps you create a different, strong password for each of your online accounts. (Make sure you use the encrypted backup feature.) Your passwords should be at least 16 characters using a mix of numbers, letters, and punctuation. In this way you can fend off brute force attacks. Avoid writing down your passwords, and never share them with anyone. Never re-use passwords between different accounts.

3. Use encrypted email

Corporate data breaches have affected millions of people. Hackers have gotten into the servers of some of the largest companies in the world, including Yahoo!, LinkedIn, and Tumblr, stealing passwords, phone numbers, and credit cards. Switching to an encrypted email provider, specifically one with end-to-end encryption and zero access encryption, provides a technical solution to this problem.

For example, because all emails stored on Proton Mail are protected with zero access encryption, even a break of Proton Mail’s servers won’t leak your private communications (unlike what happened with Yahoo! Mail). In short, encryption can dramatically improve the security of your communications.

4. Protect yourself from phishing attacks

Phishing is a common way hackers can gain access to your devices and accounts, and millions of people fall victim each year. Criminals send a legitimate-looking email asking you to click a link or download an attachment. The link may ask you to enter your password (i.e. send your credentials to the hacker) or automatically download malicious software. We talked in depth about how to prevent phishing attacks(new window) in a previous article. Among our tips, pay close attention to tell-tale signs of phishing, like unofficial or misspelled email addresses. Never download or click on anything from someone you don’t know. Your email provider may offer additional protection. Proton Mail is unique in that we provide a special set of security features(new window) designed specifically to prevent Proton Mail users from being phished.

5. Protect your devices

Here’s an easy way to hack into someone’s email account: Steal their phone while they’re using it. Often the most effective hacks are also the least low-tech. Device theft is one. Keylogging software and other types of spyware are also concerns. Be aware of your physical security when traveling and in public, and always set a password for your device (many apps, including Proton Mail’s, also allow you to add extra security, such as entering a PIN or Touch ID for each new session). To prevent device hacking, check out our article on phishing(new window), don’t click untrusted links, and always install the official security patches and updates for your device. If you are using a public computer, don’t forget to log off!

We spend a lot of time thinking about security here at Proton Mail, particularly since we protect the communications of many high profile targets, like journalists. If you feel you might be at heightened risk of cyberattack, we also recommend reading our online security guide for journalists(new window), which contains some more advanced tips for overall digital security.

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan. Thank you for your support!

Secure your emails, protect your privacy
Get Proton Mail free

Share this page

Ben Wolford(new window)

Ben Wolford is a writer and editor whose work has appeared in major newspapers and magazines around the world. Ben joined Proton in 2018 to help to explain technical concepts in privacy and make Proton products easy to use.

Related articles

Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec
Proton Pass now supports passkeys on all devices and plans
We’re excited to announce that Proton Pass supports passkeys for everyone, allowing you to manage and use passkeys across all devices seamlessly. Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing atta
what is a passkey?
Passkeys are a new way to secure your online accounts using cryptographic keys instead of passwords. They offer a high level of convenience and security, and are a real game-changer in the way we access and secure sites. What is a passkey, though, an
Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.” But Apple’s lawyers are telling a diffe
A cyberattack on national public employment service France Travail has exposed the personal data of as many as 43 million people.  The latest breach is the second major cybersecurity attack to happen in France in the past month, raising concerns abo
If I share a folder in Google Drive, can anybody see my other folders
Google Drive makes it easy to share files and folders, but you may have wondered at some point whether the people you’ve shared a folder with can see your other folders. We answer this question below and also share some tips for truly secure link sha
In 2014, Proton Mail was introduced as a web app, revolutionizing how we think about email privacy. Today, we’re excited to broaden the horizons of secure communication by launching the Proton Mail desktop app. Anyone can now use the new Proton Mail