If you don’t already, it is time to pay more attention to email security. We’re sharing actionable tips for keeping your email secure. By secure, we mean preventing unauthorized parties from accessing it.

These 7 tips are specifically for individuals using public email services like Gmail, Outlook, iCloud, Yahoo, and others, not private or business email addresses.

1. Use strong passwords – and preferably a password manager

SafetyDetectives says the most common passwords are 123456, password, and qwerty. Using a simple password is asking for trouble. If it’s something sentimental and easy-to-guess, a hacker is likely to figure it out.

  • Create strong, unique passwords instead. What makes a password strong? Random numbers, special characters, and capitalizations.

  • Don’t write down your passwords on a piece of paper and keep it in your desk or purse. If you have to write down passwords, keep them in a safe place that only you have access to.

  • Preferably use a password manager like LastPass or 1Password. They store complicated passwords securely and make them available when you need them.

2. Enable two-factor authentication

No matter how strong a password is, someone may get their hands on it if they try hard enough. That’s where two-factor authentication (2FA) comes in. In addition to the first factor of authentication, which is the password, 2FA-enabled services require a second factor for added security. This second factor is usually something only you can access, for example, a code sent to your phone via SMS or a random code from a 2FA app like Google Authenticator or Authy. The combination makes your email almost impenetrable.

Here’s how to enable 2FA for popular email providers:

3. Set up and secure your recovery email

You may lose access to your primary email for some reason. You may even end up losing your phone with its linked 2FA access. In these cases, having a recovery email is crucial, so make sure you have one set up. The recovery email is a secondary email address, preferably from a different service provider. Take the same precautionary measures on it as you do with your primary account.

4. Keep your devices safe

Many of us are lax with the physical safety of our many devices. If you carelessly keep your device lying around in public places, it is easy for an intruder to access your data. If your phone or laptop is stolen, hackers can easily access your already-logged-in email. We recommend some basic safety precautions:

  • Have a system-wide strong password for your computers, laptops, tablets, and mobile devices.

  • Don’t leave your devices lying around unattended in public places.

  • Use additional passwords or biometric authentication for apps that store sensitive information.

5. Learn to identify malware, scams, and phishing attempts

Prevention is always better than the cure. The best way to keep your email secure is to recognize threats and avoid them. Threats come in many forms, with malware attacks, scams, and phishing attempts being the most common.

  • Avoid responding to emails from unknown people.

  • Do not click on links from questionable domains. The Federal Trade Commission provides consumers with more information on how to recognize phishing.

  • Only open attachments if you trust the sender, and even then, open them only after you scan the attachments with anti-virus software.

  • Finally, never provide personal information and passwords to requests sent via email.

6. Update your software frequently

Developers come up with new security measures, and hackers find new ways around them – it’s a constant, never-ending cycle. New security measures are rolled out to users in the form of software updates. We encourage you to always update your software as soon as possible. Keeping your apps and operating system updated is how you stay one step ahead of hackers.

7. Advanced measures – optional extra protection

  • Avoid using public WiFi: Hackers often piggyback on open-to-all, unsecured public WiFi networks. Avoid using them if possible. When using them, route your data through a VPN (Virtual Private Network), which automatically encrypts your data. Some of the providers of VPN services are ExpressVPN, NordVPN, and TunnelBear.

  • Check account security occasionally: Many popular email providers like Gmail provide their own security dashboards. We recommend checking at least once every few weeks. Make sure your secondary email and 2FA are up to date.


Don’t completely rely on email providers like Gmail and others to keep your account safe. You need to follow the latest security best practices to stay on top of things.
