This is the second post in a mini-series about security, to mark an upcoming security upgrade to our login and authentication system. All new changes will be launching on Monday, 25th July 2016.
At FastMail, we know your account is more than just a place to read messages — it’s your identity in the online world. It's your username. It's how you identify that you are you electronically. Companies use it to deliver important information to you. Your stored mail contains memories, personal details and sensitive or critical information.
You don't share that online identity, and you definitely don't want to share it with a malicious user. A criminal taking over your account can trick friends and relatives into handing over passwords or even money. Spammers use your good reputation to get their bad content into people's mailboxes.
But the recommendations on how to protect yourself online can be overwhelming! With so many possible risk factors out there, it can be easy to just tune it out, and hope it never happens to you. But don't despair! We've broken it down to 3 key steps.
1. Protect your email, protect your identity
Passwords are like locks, and some doors are more important than others. Your email is the front door and master key to most of your online identities. If a malicious user controls your email, they can reset your passwords everywhere else (like your bank account).
The best protection? Just like in your home, it’s two sets of locks — two-step verification (also known as two-factor authentication or 2FA). It combines something you know (your password) and something you have (your phone or a security key). Our upcoming security changes make it easy to set up and use two-step verification on your FastMail account.
Not all your online accounts require two-step verification, but we recommend it for identity services (like Facebook or Twitter), financial services (your bank, your credit card company), and other services with critical data (Dropbox, your DNS provider).
2. Protect your keys
The two most common ways for an attacker to get your password are either knowing enough about a user’s personal information to guess it, or reuse of a password compromised from another site. You can protect against both of these attacks with one simple tool: a password manager. A password manager makes it easy to use a distinct password for every service. Good password managers will even generate random passwords for you, making it impossible for someone to guess.
3. Trust, but verify
Less common than password reuse or guessable passwords, but a growing problem, is phishing. Phishing is a targeted attack, where a malicious user claims to be a trusted contact (FastMail, your bank, a loved one) to get you to provide your password or other personal information.
When you receive an email from the FastMail team, it will always have our security check mark. (Want to know what the security check mark looks like?) If you want to be sure you're on the proper FastMail website, look for the green padlock badge in the URL bar.
For any service, when in doubt, do not click on the links in a message -- go directly to their website instead. If it's urgent enough for a company to email you, you should expect to see an alert on your account, too.
Follow these simple tips, and stay safe online.
Got any security questions or recommendations? Tweet us @FastMail using the hashtag #securitymatters.