Pages:
Author

Topic: What's your email security best practice? (Read 326 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
August 15, 2019, 02:51:03 AM
#23
True, but there are 3 ways to circumstance the security/privacy problem at low cost :

...

I get your point. But unfortunately, the computer cafe owners definitely wouldn't allow you to do this. They record and charge their customers by the minute through software that's installed on the client computers for this exact purpose; and the computer would automatically lock if the user runs out of credit. Booting into the USB means that that software obviously wouldn't be able to run.

True, but it might be allowed if you borrow friends PC or use public PC.

I much appreciated your solutions for them. Personally, I always keep using Tor.

Tor is going to help you with privacy, but not really in terms of account security. Even if you use Tor on a device that's not yours, you're still screwed regardless if the device has a keylogger anyway.

And that's why i suggest install linux on-the-go on flashdrive
newbie
Activity: 67
Merit: 0
August 15, 2019, 06:40:10 AM
#22
Use 2FA on an offline mobile phone and write down on paper your 2FA backup phrase will make your email safe from hackers.
hero member
Activity: 2366
Merit: 838
August 14, 2019, 10:56:50 PM
#21
Tor is going to help you with privacy, but not really in terms of account security. Even if you use Tor on a device that's not yours, you're still screwed regardless if the device has a keylogger anyway.
Sure. I have never used computers that are not mine. I can stay away from crypto market for a while, one or two weeks but I will keep that rule. One bitcoin is always one bitcoin, and I don't lose any bitcoin if I am out of internet connections or my computers for weeks.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 14, 2019, 10:53:26 PM
#20
I much appreciated your solutions for them. Personally, I always keep using Tor.

Tor is going to help you with privacy, but not really in terms of account security. Even if you use Tor on a device that's not yours, you're still screwed regardless if the device has a keylogger anyway.
hero member
Activity: 2366
Merit: 838
August 14, 2019, 10:16:32 PM
#19
I knew everyone have their own lives and somewhere around the world, there are people who are unable to have their own computers, because they currently have struggled with their livelihoods. In my previous post, I implied about people who have their own computers, but they still carelessly use other devices, and put their identities, accounts, funds under high risks.
Not everyone is financially capable of buying themselves a computer, sometimes even a decent low-end smartphone. Shocking right? Poverty exists, especially on 3rd world countries where poverty is a lot worse compered to poverty that you see on countries like the United States. Hence why computer cafes are a very viable business in poor countries due to the significant demographic of people that can't pay for computers and internet connection.
I much appreciated your solutions for them. Personally, I always keep using Tor.
True, but there are 3 ways to circumstance the security/privacy problem at low cost :
1. Buy a flash-drive and install Ubuntu on-the-go on it. You also could windows as alternative.
Boot into the USB when you use someone else computer.
2. Buy a Raspberry Pi, microSD and necessary second-hand component (mouse, keyboard & screen). It should costs $60 or lower & raspberry pi uses very little electricity.
3. Use Tor when you use free Wi-Fi connection.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 14, 2019, 09:58:53 PM
#18
True, but there are 3 ways to circumstance the security/privacy problem at low cost :

...

I get your point. But unfortunately, the computer cafe owners definitely wouldn't allow you to do this. They record and charge their customers by the minute through software that's installed on the client computers for this exact purpose; and the computer would automatically lock if the user runs out of credit. Booting into the USB means that that software obviously wouldn't be able to run.
legendary
Activity: 2268
Merit: 18748
August 14, 2019, 09:44:01 PM
#17
Never heard of this. How does this function?
Password managers are generally an encrypted database of all your passwords. In addition to automating all the work involved in your set up of manually storing them to a word document, good password managers such as KeePass have a number of additional features which make them superior, such as generating truly random passwords, allowing key files to be used, keeping passwords encrypted even while KeePass is open to protect against memory dumping, protecting against key loggers and clipboard loggers, and so forth.

As long as you enabled 2fa, your email is safe even if you login to different devices.
Be careful of falling in to the trap of assuming you are immune to hacking because you use 2FA. Sure, 2FA makes things more difficult, and it is generally a good idea to use 2FA, but no system is immune to being hacked. Weak 2FA (such as SMS or email) is fairly easily hacked through social engineer or password resets. Stronger 2FA (such as Authy) still isn't immune to the user entering their code on a fake page, as has happened to users of a number of crypto exchanges in the past.
hero member
Activity: 2366
Merit: 594
August 14, 2019, 09:28:14 PM
#16
[5] Password Manager - There's a lot of free password manager out there, so I advise others to try it as well.

Never heard of this. How does this function? What I do is store them to a word document, compressed it as a password protected file then make multiple backups to my devices. If possible I hide it like on my pc.

As long as you enabled 2fa, your email is safe even if you login to different devices. I have emails that was created 2 years ago and I've never change its password but still it wasn't hacked or someone attempt to hack it. I just don't connect my device to public wifi's as I don't feel safe.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
August 14, 2019, 06:52:06 PM
#15
Set your other email as the recovery email of your email if you won't be able to access your email anymore. My point is to use the second email as the first email's email recovery and use third email as the recovery email for the second email and use the third email as the first rmail's recovery email. Like this one.
Email Number                                  Recovery Email (Email that will be use to recover your email)
Email #1                                            Email 2                                         
Email #2                                            Email 3
Email #3                                            Email 1
legendary
Activity: 3122
Merit: 1398
For support ➡️ help.bc.game
August 14, 2019, 01:22:58 PM
#14

Don't login your e-mails on other machines e.g public internet cafe etc. Been doing this long time ago especially when doing travels.

That's my problem in the past. However, we all know that one of the best email provider, Google (Gmail) will not allow login to the unrecognized devices until passing the verification with the used of recognized devices. That's one the best feature I like so even for let' say your password got steal, no one can able to login it to a new device. It will also give a prompt to the user that someone is attempting to login your email.

There are really times we can't avoid logging our mails on another machine during urgent matters especially if we are away at our own machine. For these, we just have to be vigilant.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 14, 2019, 12:19:13 PM
#13
LOL. Why do you or we have to log in emails on computers that are not yours or ours?

Not everyone is financially capable of buying themselves a computer, sometimes even a decent low-end smartphone. Shocking right? Poverty exists, especially on 3rd world countries where poverty is a lot worse compered to poverty that you see on countries like the United States. Hence why computer cafes are a very viable business in poor countries due to the significant demographic of people that can't pay for computers and internet connection.
hero member
Activity: 2366
Merit: 838
August 14, 2019, 10:56:32 AM
#12
To add I myself also wouldn't personally log-in my email credential on just any computer I see, there is really no assurance that the computer I am using has a keylogger or any kind of tracking virus you cannot simply just trust computers that you don't own. You must avoid computers that you do not own much more if you don't have any kind of second layer protection for your emails. Because hackers would instantly have full access into your email accounts without the use of it.
LOL. Why do you or we have to log in emails on computers that are not yours or ours? Nowadays, people can bring their laptops from houses to work officies. They can surely control their emails; if they don't do stupid things on Internet. Logging emails on computers of others, I don't think I will do it anytime in my life. I even don't log in emails on my phones; only do it on non-mobile devices (laptops, computers). If our devices are not totally safe, we are not definitely sure about that, there is no reason to use and log in email accounts or other accounts on computers of colleagues, or anyone else. They likely use their computers carelessly, and don't install any antivirus softwares for their computers.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
August 14, 2019, 10:54:51 AM
#11
I don't see anyone recommend logging in email by code sent via phone number. Use a feature phone ( not android phone or Iphone ) to receive code every time you log in, you never get hacked.
2FA, online password manager sometimes are not safe.

As much as possible, do not use SMS verification. Use 2FA instead. A sim swap attack can be used against you. Though a bit unlikely unless you're some huge famous investor, it still isn't worth the risk.

https://thenextweb.com/hardfork/2019/05/13/sim-swap-2-4m-cryptocurrency-theft/
https://www.coindesk.com/crypto-investor-awarded-over-75-million-in-sim-swapping-hack-case
legendary
Activity: 2282
Merit: 1041
August 14, 2019, 10:54:23 AM
#10

Do not save your password when you login into your browsers. Hope someone had already said this before me. Browsers aren't very secure as they say it is. I am however not a fan of protonmail when it comes to sending messages to a lot of people at once, I tried it once and my account got suspended.  Grin
hero member
Activity: 1680
Merit: 655
August 14, 2019, 10:39:57 AM
#9
To add I myself also wouldn't personally log-in my email credential on just any computer I see, there is really no assurance that the computer I am using has a keylogger or any kind of tracking virus you cannot simply just trust computers that you don't own. You must avoid computers that you do not own much more if you don't have any kind of second layer protection for your emails. Because hackers would instantly have full access into your email accounts without the use of it.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
August 14, 2019, 10:08:58 AM
#8
[6] Use different password for all your emails. As a compliment to point 3 (as you listed above), the use of different password is also vital. This helps in situations if your emails or any online account gets compromised, the hacker can't easily have access to your other emails as they're not linked with the same password which is usually their first guess since majority of online users use similar password for all their online activities.
Additionally, using unique passwords for different accounts, not only emails. If someone use different strong passwords for different emails. It is good practice but not enough. Moreover, it turns to be bad, if they use those email passwords for their accounts on banks, crypto exchanges, casinos, whatsoever.
In a nutshell, using unique, and strong passwords for different accounts.
newbie
Activity: 42
Merit: 0
August 14, 2019, 09:25:48 AM
#7
I don't see anyone recommend logging in email by code sent via phone number. Use a feature phone ( not android phone or Iphone ) to receive code every time you log in, you never get hacked.
2FA, online password manager sometimes are not safe.
staff
Activity: 3500
Merit: 6152
August 14, 2019, 09:19:16 AM
#6
About passwords, certainly the only password you should know is your strong password of your password manager. All other passwords should be automatically generated by it.
-snip-

This. Make sure to not use online password managers such as LastPass tho, stick to KeePass or something similar (open-source/offline).

You should also not post your email address publicly, it will just get picked by bots and you'll be a target of hacks/phishing attempts (emails).
legendary
Activity: 2212
Merit: 7064
August 14, 2019, 09:16:58 AM
#5
Best practice is to quit using Gmail and switch over to more secure encrypted email alternatives.
As for passwords, best to use rand password generator, and backup it up.

I am still looking for password manager that works best for me... testing few of them
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
August 14, 2019, 09:07:02 AM
#4
About passwords, certainly the only password you should know is your strong password of your password manager. All other passwords should be automatically generated by it.

Also, use 2FA everytime it is possible.

With that practice, you doin't need to change any password ever, imo.
Pages:
Jump to: