
Topic: What's your email security best practice? (Read 299 times)

legendary
Activity: 2856
Merit: 7410
August 15, 2019, 03:51:03 AM
#23
True, but there are 3 ways to circumvent the security/privacy problem at low cost:

...

I get your point. But unfortunately, the computer cafe owners definitely wouldn't allow you to do this. They record and charge their customers by the minute through software that's installed on the client computers for this exact purpose; and the computer would automatically lock if the user runs out of credit. Booting into the USB means that that software obviously wouldn't be able to run.

True, but it might be allowed if you borrow a friend's PC or use a public PC.

I much appreciated your solutions for them. Personally, I always keep using Tor.

Tor is going to help you with privacy, but not really in terms of account security. Even if you use Tor on a device that's not yours, you're still screwed regardless if the device has a keylogger anyway.

And that's why I suggest installing Linux on-the-go on a flash drive.
newbie
Activity: 67
Merit: 0
August 15, 2019, 07:40:10 AM
#22
Using 2FA on an offline mobile phone and writing down your 2FA backup phrase on paper will make your email safe from hackers.
hero member
Activity: 2254
Merit: 831
August 14, 2019, 11:56:50 PM
#21
Tor is going to help you with privacy, but not really in terms of account security. Even if you use Tor on a device that's not yours, you're still screwed regardless if the device has a keylogger anyway.
Sure. I have never used computers that are not mine. I can stay away from the crypto market for a while, one or two weeks, but I will keep that rule. One bitcoin is always one bitcoin, and I don't lose any bitcoin if I am away from internet connections or my computers for weeks.
mk4
legendary
Activity: 2716
Merit: 3817
August 14, 2019, 11:53:26 PM
#20
I much appreciated your solutions for them. Personally, I always keep using Tor.

Tor is going to help you with privacy, but not really in terms of account security. Even if you use Tor on a device that's not yours, you're still screwed regardless if the device has a keylogger anyway.
hero member
Activity: 2254
Merit: 831
August 14, 2019, 11:16:32 PM
#19
I know everyone has their own lives, and somewhere around the world there are people who are unable to have their own computers because they are currently struggling with their livelihoods. In my previous post, I was talking about people who have their own computers but still carelessly use other devices, and put their identities, accounts and funds at high risk.
Not everyone is financially capable of buying themselves a computer, sometimes even a decent low-end smartphone. Shocking, right? Poverty exists, especially in 3rd world countries where poverty is a lot worse compared to the poverty that you see in countries like the United States. Hence why computer cafes are a very viable business in poor countries, due to the significant demographic of people that can't pay for computers and an internet connection.
I much appreciated your solutions for them. Personally, I always keep using Tor.
True, but there are 3 ways to circumvent the security/privacy problem at low cost:
1. Buy a flash drive and install Ubuntu on-the-go on it. You could also use Windows as an alternative.
   Boot into the USB when you use someone else's computer.
2. Buy a Raspberry Pi, a microSD card and the necessary second-hand components (mouse, keyboard & screen). It should cost $60 or lower, and a Raspberry Pi uses very little electricity.
3. Use Tor when you use a free Wi-Fi connection.
mk4
legendary
Activity: 2716
Merit: 3817
August 14, 2019, 10:58:53 PM
#18
True, but there are 3 ways to circumvent the security/privacy problem at low cost:

...

I get your point. But unfortunately, the computer cafe owners definitely wouldn't allow you to do this. They record and charge their customers by the minute through software that's installed on the client computers for this exact purpose; and the computer would automatically lock if the user runs out of credit. Booting into the USB means that that software obviously wouldn't be able to run.
legendary
Activity: 2268
Merit: 18509
August 14, 2019, 10:44:01 PM
#17
Never heard of this. How does this function?
Password managers are generally an encrypted database of all your passwords. In addition to automating all the work involved in your setup of manually storing them in a Word document, good password managers such as KeePass have a number of additional features which make them superior, such as generating truly random passwords, allowing key files to be used, keeping passwords encrypted even while KeePass is open to protect against memory dumping, protecting against key loggers and clipboard loggers, and so forth.

As long as you enabled 2FA, your email is safe even if you log in to different devices.
Be careful of falling into the trap of assuming you are immune to hacking because you use 2FA. Sure, 2FA makes things more difficult, and it is generally a good idea to use 2FA, but no system is immune to being hacked. Weak 2FA (such as SMS or email) is fairly easily hacked through social engineering or password resets. Stronger 2FA (such as Authy) still isn't immune to the user entering their code on a fake page, as has happened to users of a number of crypto exchanges in the past.
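
Added example (not part of any post in this thread): a minimal RFC 6238 TOTP generator and a typical server-side check, illustrating the point in post #17 that an authenticator code typed into a fake page is still valid on the real one. The secret and timestamps are constructed sample values; `server_accepts` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as used by common authenticator apps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(secret: bytes, submitted: str, now: int, drift_steps: int = 1) -> bool:
    """Typical server check: accept the code for the current step +/- drift.

    The only inputs are the shared secret, the clock and the digits received.
    Nothing in the code records which page the user typed it into.
    """
    return any(
        hmac.compare_digest(totp(secret, now + d * 30), submitted)
        for d in range(-drift_steps, drift_steps + 1)
    )


def demo() -> dict:
    secret = b"12345678901234567890"   # RFC 6238 test secret (constructed sample)
    t_user = 1_565_800_000             # constructed time at which the user reads the code
    code = totp(secret, t_user)
    return {
        # User types the code on the genuine site a few seconds later.
        "typed_on_real_site": server_accepts(secret, code, t_user + 5),
        # Same digits arriving via any other path within the window look identical.
        "relayed_20s_later": server_accepts(secret, code, t_user + 20),
        # The short validity window is the only built-in limit.
        "replayed_after_5_min": server_accepts(secret, code, t_user + 300),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Origin-bound authenticators such as FIDO2/WebAuthn security keys include the site's origin in what they sign, which is the property a TOTP code lacks.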
hero member
Activity: 2352
Merit: 593
August 14, 2019, 10:28:14 PM
#16
[5] Password Manager - There are a lot of free password managers out there, so I advise others to try one as well.

Never heard of this. How does this function? What I do is store them in a Word document, compress it as a password-protected file, then make multiple backups to my devices. If possible I hide it, like on my PC.

As long as you enabled 2FA, your email is safe even if you log in to different devices. I have emails that were created 2 years ago and I've never changed their passwords, but still they weren't hacked, nor did someone attempt to hack them. I just don't connect my device to public Wi-Fi as I don't feel safe.
hero member
Activity: 2268
Merit: 669
August 14, 2019, 07:52:06 PM
#15
Set your other email as the recovery email of your email in case you aren't able to access your email anymore. My point is to use the second email as the first email's recovery email, use the third email as the recovery email for the second email, and use the third email as the first email's recovery email. Like this one.
Email Number    Recovery Email (email that will be used to recover your email)
Email #1        Email 2
Email #2        Email 3
Email #3        Email 1
legendary
Activity: 3122
Merit: 1398
August 14, 2019, 02:22:58 PM
#14

Don't log in to your e-mails on other machines, e.g. public internet cafes etc. Been doing this for a long time, especially when travelling.

That was my problem in the past. However, we all know that one of the best email providers, Google (Gmail), will not allow login on unrecognized devices until passing verification with the use of recognized devices. That's one of the best features I like, so even if, let's say, your password gets stolen, no one is able to log in with it on a new device. It will also give a prompt to the user that someone is attempting to log in to your email.

There are really times we can't avoid logging in to our mails on another machine during urgent matters, especially if we are away from our own machine. For these, we just have to be vigilant.
mk4
legendary
Activity: 2716
Merit: 3817
August 14, 2019, 01:19:13 PM
#13
LOL. Why do you or we have to log in emails on computers that are not yours or ours?

Not everyone is financially capable of buying themselves a computer, sometimes even a decent low-end smartphone. Shocking, right? Poverty exists, especially in 3rd world countries where poverty is a lot worse compared to the poverty that you see in countries like the United States. Hence why computer cafes are a very viable business in poor countries, due to the significant demographic of people that can't pay for computers and an internet connection.
hero member
Activity: 2254
Merit: 831
August 14, 2019, 11:56:32 AM
#12
To add, I myself also wouldn't personally log in with my email credentials on just any computer I see; there is really no assurance that the computer I am using has a keylogger or any kind of tracking virus. You cannot simply just trust computers that you don't own. You must avoid computers that you do not own, much more if you don't have any kind of second layer protection for your emails, because hackers would instantly have full access into your email accounts without the use of it.
LOL. Why do you or we have to log in to emails on computers that are not yours or ours? Nowadays, people can bring their laptops from their houses to their work offices. They can surely control their emails, if they don't do stupid things on the Internet. Logging in to emails on computers of others, I don't think I will do it anytime in my life. I don't even log in to emails on my phones; I only do it on non-mobile devices (laptops, computers). If our devices are not totally safe, and we are not definitely sure about that, there is no reason to use and log in to email accounts or other accounts on computers of colleagues, or anyone else. They likely use their computers carelessly, and don't install any antivirus software on their computers.
mk4
legendary
Activity: 2716
Merit: 3817
August 14, 2019, 11:54:51 AM
#11
I don't see anyone recommending logging in to email by a code sent via phone number. Use a feature phone (not an Android phone or iPhone) to receive a code every time you log in, and you never get hacked.
2FA and online password managers are sometimes not safe.

As much as possible, do not use SMS verification. Use 2FA instead. A SIM swap attack can be used against you. Though a bit unlikely unless you're some huge famous investor, it still isn't worth the risk.

https://thenextweb.com/hardfork/2019/05/13/sim-swap-2-4m-cryptocurrency-theft/
https://www.coindesk.com/crypto-investor-awarded-over-75-million-in-sim-swapping-hack-case
legendary
Activity: 2212
Merit: 1041
August 14, 2019, 11:54:23 AM
#10

Do not save your password when you log in through your browsers. Hope someone had already said this before me. Browsers aren't as secure as they say they are. I am however not a fan of ProtonMail when it comes to sending messages to a lot of people at once; I tried it once and my account got suspended.
hero member
Activity: 1680
Merit: 655
August 14, 2019, 11:39:57 AM
#9
To add, I myself also wouldn't personally log in with my email credentials on just any computer I see; there is really no assurance that the computer I am using has a keylogger or any kind of tracking virus. You cannot simply just trust computers that you don't own. You must avoid computers that you do not own, much more if you don't have any kind of second layer protection for your emails, because hackers would instantly have full access into your email accounts without the use of it.
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
August 14, 2019, 11:08:58 AM
#8
[6] Use a different password for all your emails. As a complement to point 3 (as you listed above), the use of different passwords is also vital. This helps in situations where your emails or any online account gets compromised: the hacker can't easily have access to your other emails as they're not linked with the same password, which is usually their first guess since the majority of online users use similar passwords for all their online activities.
Additionally, use unique passwords for different accounts, not only emails. If someone uses different strong passwords for different emails, it is good practice but not enough. Moreover, it turns out to be bad if they use those email passwords for their accounts on banks, crypto exchanges, casinos, whatsoever.
In a nutshell, use unique and strong passwords for different accounts.
newbie
Activity: 42
Merit: 0
August 14, 2019, 10:25:48 AM
#7
I don't see anyone recommending logging in to email by a code sent via phone number. Use a feature phone (not an Android phone or iPhone) to receive a code every time you log in, and you never get hacked.
2FA and online password managers are sometimes not safe.
staff
Activity: 3402
Merit: 6065
August 14, 2019, 10:19:16 AM
#6
About passwords, certainly the only password you should know is your strong password of your password manager. All other passwords should be automatically generated by it.
-snip-

This. Make sure to not use online password managers such as LastPass tho, stick to KeePass or something similar (open-source/offline).

You should also not post your email address publicly, it will just get picked by bots and you'll be a target of hacks/phishing attempts (emails).
legendary
Activity: 2212
Merit: 7064
August 14, 2019, 10:16:58 AM
#5
Best practice is to quit using Gmail and switch over to more secure encrypted email alternatives.
As for passwords, best to use a random password generator, and back it up.

I am still looking for a password manager that works best for me... testing a few of them
legendary
Activity: 2212
Merit: 5622
August 14, 2019, 10:07:02 AM
#4
About passwords, certainly the only password you should know is your strong password of your password manager. All other passwords should be automatically generated by it.

Also, use 2FA every time it is possible.

With that practice, you don't need to change any password ever, imo.