Securing Your Email
Email is the front door to your digital life. Learn how to lock it down with strong passwords, 2FA, and smart habits.
Your email account is the master key to your digital life. Password resets, bank alerts, personal conversations — almost everything flows through it. If someone gets in, they can get into everything else.
Use a Strong, Unique Password
Your email password should be the strongest one you have. If you reuse it anywhere else, change it now.
- Make it at least 16 characters using a passphrase or password manager
- Never reuse your email password on any other account
- Need help? See our full guide on Creating Strong Passwords
Enable Two-Factor Authentication (2FA)
Two-factor authentication adds a second step when you log in — even if someone steals your password, they still can’t get in.
1. Choose the Right Method
- Authenticator app (Google Authenticator, Authy, etc.) — recommended
- SMS codes — better than nothing, but vulnerable to SIM-swap attacks
- Hardware key (YubiKey) — the most secure option
2. Set It Up
- Go to your email provider’s security settings
- Look for “Two-step verification” or “2FA”
- Follow the prompts to link your authenticator app
- Save your backup codes somewhere safe and offline
Recognize Phishing Attempts
Most email breaches start with a phishing email — a fake message designed to trick you into handing over your login. Watch for urgent language, suspicious sender addresses, and links that don’t match the real domain.
For the full breakdown, read our guide on Recognizing Phishing Emails.
Check for Unauthorized Access
Someone could be in your account right now without you knowing. Do a quick audit:
1. Review Login Activity
Most providers (Gmail, Outlook, Yahoo) let you see recent sign-ins. Look for unfamiliar locations, devices, or times.
2. Revoke Unknown Devices
Remove any device or session you don’t recognize. When in doubt, sign out everywhere and log back in.
3. Check Forwarding Rules
Attackers sometimes add a forwarding rule to silently copy your emails. Go to your email settings and make sure no unknown forwarding addresses are listed.
Use Email Aliases and Disposable Addresses
Keep your real email address private by using aliases for signups and subscriptions.
- Plus aliases: Add +anything before the @ sign (e.g., you+shopping@gmail.com). These still deliver to your inbox but let you track who shares your address.
- Alias services: Tools like SimpleLogin or Firefox Relay create unique forwarding addresses you can disable anytime.
Save your real address for important accounts like banking and government services.
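To make the "track who shares your address" point concrete, here is an added example (not part of the original guide) that reads messages, pulls the plus tag from each recipient address, and reports mail that reached an alias from a sender you never gave it to. The sample messages, the example domains, and the EXPECTED signup record are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (not real mail). Assumption: you signed up at
# shop.example with you+shopping@gmail.com and at news.example with you+news@gmail.com.
SAMPLE_MESSAGES = [
    "From: Orders <orders@shop.example>\nTo: you+shopping@gmail.com\nSubject: Your receipt\n\nThanks!",
    "From: Deals <promo@ads.example>\nTo: you+shopping@gmail.com\nSubject: Hot offers\n\nBuy now",
    "From: Digest <digest@news.example>\nTo: You <you+news@gmail.com>\nSubject: Weekly\n\nHi",
    "From: Friend <pal@mail.example>\nTo: you@gmail.com\nSubject: Lunch?\n\nHi",
]

# Your own record of which sender domain each alias tag was handed to (assumed).
EXPECTED = {"shopping": {"shop.example"}, "news": {"news.example"}}


def plus_tag(address):
    """Return the tag from local+tag@domain, or None if there is no plus tag."""
    local, _, _domain = address.rpartition("@")
    base, sep, tag = local.partition("+")
    return tag.lower() if sep and base and tag else None


def audit(raw_messages, expected):
    """Return (tag, sender_domain, subject) for alias mail from an unexpected domain."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        # The From header is not authenticated; treat a match as a hint, not proof.
        sender = parseaddr(msg.get("From", ""))[1]
        sender_domain = sender.rpartition("@")[2].lower()
        recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        for _name, addr in recipients:
            tag = plus_tag(addr)
            if tag is None:
                continue  # mail to the bare address tells us nothing about sharing
            if sender_domain not in expected.get(tag, set()):
                findings.append((tag, sender_domain, msg.get("Subject", "")))
    return findings


if __name__ == "__main__":
    for tag, domain, subject in audit(SAMPLE_MESSAGES, EXPECTED):
        print(f"alias +{tag} got mail from unexpected domain {domain}: {subject!r}")
```

Sender domains are compared exactly, so a service that mails from a subdomain or a third-party mailer needs that domain added to its entry in EXPECTED.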
Quick Tips
- ✅ Use a unique, strong password for your email
- ✅ Turn on 2FA with an authenticator app
- ✅ Check login activity monthly
- ✅ Use aliases for online signups
- ❌ Don’t click links in unexpected emails
- ❌ Don’t share your email password with anyone
- ❌ Don’t ignore security alerts from your email provider
Email Security Checklist
- Email password is unique and at least 16 characters
- Two-factor authentication is enabled
- Backup codes are saved offline
- No unrecognized devices in active sessions
- No unknown forwarding rules in email settings
- Using aliases for non-essential signups
- Recovery email and phone number are up to date
Next Steps
Now that your email is locked down, sharpen your ability to spot threats with our guide on Recognizing Phishing Emails.