This article was originally published as part of the Pobox blog. Pobox was acquired by Fastmail in 2015.

Are you keeping your email secure?  At Pobox, we know your account is more than just a place to receive messages — it’s your identity in the online world. It's your username. It's how you identify that you are you electronically.

You don't share that online identity, and you definitely don't want to share it with a malicious user. A criminal taking over your accounts can break into your other online services like your bank, pretend to be you, and trick friends and relatives into handing over passwords or even money.

The recommendations on how to protect yourself online can be overwhelming, but don't despair! As part of FastMail's #securitymatters rollout, we're here with our top two suggestions.

1. Install a dead bolt

Passwords are like locks, and some doors are more important than others. Your email is the front door and master key to most of your online identities. If a malicious user controls your email, they can reset your passwords everywhere else (like your bank account).

The best protection? Just like in your home, it’s two sets of locks — two-step verification. (As time has passed, more services now refer to 2-factor authentication (2FA) as "two-step verification". They're the exactly the same, but you'll see the new language throughout the site.)

It combines something you know (your password) and something you have (your phone or a security key.) 

Everyone on staff has heard or dealt with a horror story of a stolen email account, so when we added two-step verification in 2014, we all turned it on immediately. A growing number of users add this extra protection step every month. Join them in protecting your account now!

Recently, two-step verification was in the news because hackers had convinced a target's mobile phone provider to transfer the targets phone number to them. As a result, NIST now recommends security codes not be provided over the network. At Pobox, SMS is only a backup lockout method. We email you every time a lockout code is used, whether it's sent via SMS or it's a printed code.

2. Protect your keys

The most common way for an attacker to get your password is password reuse. One hacked service can lead to a multitude with reused passwords. You can protect against these attacks with one simple tool: a password manager. A password manager makes it easy to use a distinct password for every service. Good password managers will even generate random passwords for you, making it impossible for someone to guess. Double your protection by using AllMail at a personal domain to use a distinct email address for every site, too.

Many browsers have a basic password manager built in. We prefer stand-alone tools like 1Password or LastPass — their syncing tools let you access your passwords on both your computer and your phone.

Since password reuse is one of the easiest ways to hack an account, app passwords are now generated for you. (Existing app passwords will still work, though you may want to update them if you know you used one of your "favorite" passwords.)

Get your ounce of prevention.

Online security is like getting vaccinated. Be proactive before you ever have a problem. If you haven't checked your security settings recently, head over to the Profile and Security section. We'll highlight what you should turn on to get standard or restricted security.

As part of this rollout, we're also simplifying authentication between Pobox and FastMail for Mailstore users. Starting today, a single login will log you in to both your settings at Pobox and your webmail at FastMail. We hope this will make your account smoother and faster for you!