Now that you have a safe place to store your new secrets, we can work on protecting your email. As mentioned before, your email acts like a skeleton key for a large part of your online identity—people you communicate with associate your email with trust, and your email is also a key factor involved in logging into other accounts and receiving password resets. With access to just your email, an attacker can unlock access to more information and accounts.
To protect your email you will have to take these steps:
Reset your password and store it in your password manager.
Set up strong two-factor authentication.
Store your backup codes in your password manager.
Update your account recovery options to ensure they are valid and accessed only by you.
Remove third-party applications with access to your email account that you don’t need.
Let’s run through each of these areas to understand what they mean.
Step 1: Reset and Store Your Password in Your Password Manager
It doesn’t matter what clever method or hoops you might have mentally jumped through to create your current password. Let’s start with a fresh slate, and reset it so you know for a fact it is unique.
Your password manager should help by suggesting a password that is very long and as random as possible. If not, aim for at least 16 characters in length. Research has shown that it is more important to have a longer password. Mathematically, every extra character multiplies the number of possible combinations, so a long password would take too long to guess even with today’s available technology.
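To make the length argument concrete, here is an added example (not part of the original guide) that generates a random password the way a password manager does and compares how long an exhaustive search would take for short-but-complex versus long passwords. The function names and the guessing rate of one trillion guesses per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed offline guessing rate, for illustration only (not a figure from the guide).
GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# 52 letters + 10 digits + 32 punctuation marks = 94 printable symbols.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16, alphabet=FULL_ALPHABET):
    """Pick each character independently and uniformly using the OS CSPRNG."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Years needed to try every combination at the assumed guessing rate."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


def compare():
    """Return (label, bits, years) rows contrasting complexity with length."""
    cases = [
        ("8 chars, 94 symbols", 8, 94),
        ("16 chars, lowercase only", 16, 26),
        ("16 chars, 94 symbols", 16, 94),
    ]
    return [(label, entropy_bits(n, size), years_to_exhaust(n, size))
            for label, n, size in cases]


if __name__ == "__main__":
    print("example password:", generate_password())
    for label, bits, years in compare():
        print(f"{label:26s} {bits:6.1f} bits  ~{years:.3g} years to exhaust")
```

At the assumed rate, the 8-character password drawn from all 94 symbols falls in under two hours, while 16 random lowercase letters alone hold out for over a thousand years. These figures apply only to randomly generated passwords, not to ones a person makes up.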
Once you reset your password, all your previous logged-in sessions should also expire. This gives you the added comfort of knowing that, from this point forward, only you have access to your most important digital key. (Although this does mean spending some time logging back into your email on your phone, laptop, and so on.)