One of the most common irritants in modern computing is being asked to change your password. But it is important, especially your email password. Let me explain…
Learning your email address is easy. If I can work out your password, then I can log into pretty much any of your other websites, even if they have a different password, and I can stop you from logging into them.
You see, once I’m logged into your email address, I can guess you have an account with any number of services – Facebook, Dropbox, Google, SKYTV, Amazon, anything. I can try to log into any of these. If I hit the ‘forgot password’ link, then that service will email your email address with a reset link. Provided I can read your emails, then I’ll get that message. When I do, it’s a simple matter to change your password. I know your email address, I’ve changed your password, and that’s all it takes – I’m logging in to your various websites and causing havoc.
At the same time, I’ll change your email password so you can’t log back in and access your own accounts – that’s a bit of mischief all by itself.
So, what can you do? Make sure your email password is really hard to guess. Change the password frequently. Use two-factor authentication if you can (where you need a txt message code or similar as well in order to get access), or have an unlock code with a trusted third party.
Essentially, your email is the key to your online world. Keep your email password secret, and hard to guess. Make sure it’s not one of these commonly used (and easily guessed) 25 most common passwords of 2014. Nor one that someone could guess if they knew a bit about you (e.g. the name of your street, your pet or a family member).
If a hacker can’t guess your password, then maybe they can trick you into telling them. They’ll lure you to a fake website masquerading as a genuine one, and ask you to log in. As you try to log in, you’ll key in your password, and they’ll record that against your email address. Even worse, if you try to log in and fail, then you might think you’ve made a mistake and try your other most commonly used passwords in a futile attempt to log into the fake site, giving the hacker plenty of clues to guess your email password. (That’s one reason why all those fake ‘phishing’ emails are sent to you about banking accounts, courier packages etc – they are just trying to get you to log into their fake websites)
The best passwords are ones that are hard for you to remember, complex (a mix of upper and lower case, letters, numbers and symbols) and that are regularly changed. Take care and be on your guard! A bit of extra vigilance can avoid a world of problems.