
Secure Your Email Account: It's the Master Key to Your Entire Online Life

By Vinay Kumar

Most people protect their bank account carefully but have a 7-character password on their email from 2014. This is backwards.

Think about what your email actually controls. Your bank password reset goes there. Your social media reset goes there. Your work accounts. Your shopping accounts. Your tax filing portal. If someone gets into your email, they don't even need to hack the other services — they can just click "forgot password" on each one.

Step 1: A long, unique password

Your email password should be different from every other password you use, and it should be long. Length matters more than weird characters. "My cat learned to open doors in 2021" is far stronger than "P@ssw0rd!".

If you can't remember it, that's fine — use a password manager. The good ones are free, work across devices, and remove the temptation to reuse passwords.

Step 2: Two-factor authentication, properly

Turn on 2FA. But not SMS-based 2FA if you can avoid it — SIM-swap attacks, where a fraudster transfers your phone number to a new SIM card, are real and increasingly common.

Use an authenticator app (Google Authenticator, Microsoft Authenticator, Aegis) or a hardware security key. Both are far safer than SMS codes.

Step 3: Recovery options matter as much as the password

Check the recovery phone number and recovery email on your account. Are they still yours? An old recovery email you no longer control can become an attack vector.

Also check: are there any "app passwords" you created years ago for some old device that you've since thrown away? Revoke them. Are there third-party apps with access to your email? Review and remove the ones you don't recognise or no longer use.

Step 4: Watch for signs of compromise

Check the "recent activity" or "sessions" page in your email at least once a month. Are there logins from cities you haven't been to? Devices you don't own? Sign them out and change your password immediately.

Look for emails in your sent folder that you didn't send. Look for inbox rules that auto-forward emails to an unknown address — this is a classic attacker trick to keep reading your mail even after you change your password.
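One way to turn the forwarding-rule check above into a repeatable audit, as an added example that is not part of the original post: the rule records, the `OWNED_DOMAINS` set and the action names are constructed assumptions standing in for whatever your provider's rule export looks like.

```python
from dataclasses import dataclass

# Assumption: the domains the mailbox owner actually controls.
OWNED_DOMAINS = {"example.com"}

# Assumption: rule actions that send a copy of mail elsewhere.
FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}


@dataclass
class InboxRule:
    name: str
    action: str   # e.g. "forward", "move", "delete"
    target: str   # destination address (for forwards) or folder name
    enabled: bool


def is_external(address: str, owned: set[str]) -> bool:
    """True when the address's domain is not one the owner controls."""
    if "@" not in address:
        return False  # a folder name, not an address
    domain = address.rsplit("@", 1)[1].strip().lower()
    return domain not in owned


def suspicious_forwarding(rules: list[InboxRule], owned: set[str] = OWNED_DOMAINS) -> list[tuple[str, str]]:
    """Return (rule name, target) for every enabled rule that forwards mail outside owned domains."""
    findings = []
    for rule in rules:
        if rule.enabled and rule.action in FORWARDING_ACTIONS and is_external(rule.target, owned):
            findings.append((rule.name, rule.target))
    return findings


# Constructed sample rules: one legitimate move, one old disabled forward,
# and one silent forward to an unfamiliar address.
SAMPLE_RULES = [
    InboxRule("Receipts to folder", "move", "Receipts", True),
    InboxRule("Old phone forward", "forward", "me@example.com", False),
    InboxRule("Sync", "forward", "backup.inbox@unknown-mail.test", True),
]

if __name__ == "__main__":
    for name, target in suspicious_forwarding(SAMPLE_RULES):
        print(f"REVIEW: rule '{name}' forwards mail to {target}")
```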

Step 5: Keep a clean mailbox

Old emails from banks, governments, hospitals, employers — these contain a startling amount of information about you. The less old sensitive content sitting in your inbox, the less someone gets if they ever break in.

Once a year, search for messages with words like "OTP," "password," "account number," "PAN," and clean out the old ones you no longer need. Same for old attachments.

An email account locked down properly is one of the most powerful security upgrades you can make in an afternoon.