Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to Super Simple Security Principles, where you learn how to think, not just what to do.
I'm Nick Jackson, here to learn along with you from my good buddy and master guardian,
Makani Mason. This is episode 89, email workshop, and the priority of this episode is
(00:26):
prevent takeover. So again, we're continuing on with our email workshop. The priority is prevent
takeover. Makani, prevent takeover, man. That's scary. I think of somebody taking over my house
or something like that, and we all know how valuable email is, I mean, it's essentially
(00:48):
our online identity. It's a verification for everything. Yeah. Yeah. Well, and that's,
obviously this is not a new topic for us. This is something we've talked about over and over and
over, and we will continue to, and we'll get into part of why that is in a minute. But just to clarify
what we mean here, the takeover we're talking about is taking over, not over, not only just your email
(01:13):
account, which we shared a story about recently with my brother's accountant, but take over of
any of your online accounts, because we know that email is, as we put it, you know, a master key to
all of your online accounts. Yeah. And so this is the fourth priority we've discussed in terms of
(01:35):
the email workshop. And obviously it's not number four in terms of importance. Really, if I were going
to rank them in terms of importance, it's probably number one, really. Okay.
You know, I mean, there's lots of important things, but I mean, if you don't have access to your email,
everything else is kind of irrelevant. I mean, it takes over your other accounts. Like, I mean,
(01:57):
it's just, it's clearly a high priority. It's just, yeah, we've just talked about it so much. I wanted
to dive into some of those other priorities first, I think was the main thing. Yeah. Yeah.
So the, the, I guess the other part I wanted to talk about is, so just clarifying a little bit
(02:20):
more on the takeover. If they take over your email, they can take over all your accounts, most likely.
Not good.
So if they don't take over your email, it still helps prevent takeover of any other account,
right? Because part of that is like, we've more and more places have recognized that they're how
(02:41):
highly they're treating their email address. So even changing the email address on accounts now,
a lot of times requires verification, which is a really good thing because right, if they can take,
if they can still, you know, figure out your password to a different account, go in and change
your email address, then all of a sudden you can't, you can't get it back with your email
(03:02):
account. Right. But more places are recognizing, okay, yeah, we're treating this as the master key. So
if they're going to, you know, swap out the key, so to speak, then we better verify that as well. Right?
Right. And there's a whole range because then there's some places that are a little bit lazier
that they won't require verification, but they'll notify you at least if the email changed on the
(03:26):
account. So even that is a little bit of protection against takeover. Right? Yeah.
So there's lots and lots of ways where email protects you both. And so that's, that's why this
is so important. Yeah. And the other reason why, so the reason why the okay, it's so important,
(03:48):
but why isn't it, why is it still a problem? And well, there's a lot of reasons, but the single
biggest, just like kind of summary reason, if you look at the statistics is there's still a ton of
password reuse going on. Yeah. And so we'll be talking about that. And I know there's a lot of
(04:10):
challenges around password managers, a lot of drama around that. So we won't even be getting into that
into the workshop for now, because the fact is the great place to start, even if you don't have a
password manager, even if you're not ready to dive into using a password manager is simply to use a
strong password with email that you don't use anywhere. Even if you use lots of reuse elsewhere,
(04:34):
at least I beg you to use this one place that, you know, have a strong, unique password with email
that you don't use anywhere else. Okay. And so we will, we'll get some strategies for having a strong
password that you can both type and remember, you know, not using a password manager. My email, of course,
(04:57):
the password is too long for me to type or remember, but that's okay. We can still get most of the way
there with a very long typeable password. Nice. And it's still a huge, huge upgrade. So
that's one of the things I want to make sure we, we focus on it because it does not have to be that
much work. And there's the top priority. Really, you get a unique email password already. You're doing
(05:22):
so much better than, I don't know what the statistics are, but it's a really, really good place to start.
Okay. Perfect. So, um, and honestly, in terms of preventing takeover, there's not a ton that needs
to be done. There's a unique password and 2FA. We've talked about two-factor authentication and
(05:43):
we'll, we'll get into that in the workshop and that's for everyone. Um, but those are really the
only two absolutely universal things. I would say there's some other stuff as well, but it depends
on your situation. Uh, and we'll, we'll get into some of that, but really the preventing takeover
problem and priority is, is, uh, relatively simple compared to, say, fighting spam. Fighting spam is a
(06:09):
much harder problem, much more nuanced, a lot more things to do and to think about than just preventing
takeover. Right. Okay. That was my question. I was like, well, what makes it more challenging,
but just knowing that there's more things to do? So. Yeah. Cause with takeover, I mean,
it's really a matter of if you use a good password and you put 2FA, I mean, that's not the whole
(06:33):
story, but it's, you know, that's going to be a good start. Yeah. It's 80% of the battle. I would,
I would call it. Two steps and we knock out 80%. Yeah. Yeah, exactly. So, um, yeah. And that's,
uh, and that's why this one, this episode too, you know, I mean, we've only been, it's short,
(06:57):
but that's about all I have to say on this one. Honestly, there was a lot more to say last episode,
um, about the phishing. So I don't know what's any, any additions, thoughts, takeaways, Nick?
Yeah, man, I'm going to recap this bad boy. Are you okay if I recap this? Yeah. Okay.
Okay. Two easy steps and we eliminate 80% of the issues. Good, unique password. Don't use it
(07:26):
anywhere else. Use it for your email. Make sure it's strong. Make sure it's long. Let's go. So
unique password. Don't ever use that anywhere else. Second, get two-factor authentication. Okay.
You get two-factor authentication and that eliminates 80% of kind of what we need to avoid
(07:48):
and this preventing a takeover. Obviously there's a few more things to seal those gaps,
but this is an easy start. This is a very easy start. So totally doable. Like for me, this is
like, if you're listening right now, don't let your account get taken over those two easy steps. Like
(08:12):
let's go. Super do it. Yeah. Did I miss anything? Nope. Nope. And none of it requires money. Like I know
a password manager, for example, and we recommend cost money, but there are free 2FA apps that we
can get you set up with standalone to, to do this for email. So, um, yeah, no, I don't really have
(08:36):
anything else to add. I think that's, uh, dude, I love easy episodes, man. Easy episodes that,
that legitimately help. Like, like this is super useful. So yeah, I would say that it just made me
think of the, you know, when we've talked about this for the main thing that I think is we talk
(08:58):
about that. I mean, I did a whole, we did a whole episode on this, so I won't get into it here, but
why not reusing passwords. If you're not convinced, if that's holding you back, you're like, eh, you
know, I'm not convinced that that's really the case. I didn't put it, I forgot to put in the notes
of what, but we have one where we talk about that anyway. Um, read up on it because there's, I promise
(09:20):
you there are good and valid reasons why password reuse is actually a problem, but I know that's
problem. Yeah. Right. Again, that's really the short version, right? Data breaches. Yep. Yep.
That's, that's a good short answer. So thank you. You betcha. Dude, I liked that episode.
Well done. Are you ready to take action and wondering where to start? Get my Bulletproof
(09:47):
My Identity Starter Kit for free. The seven most vital layers of protection everyone needs.
I'll send you one step at a time and help you if you get stuck. Just go to bulletproofmyid.com
and enter your name and email, and I will send you the first step. Again, that's bulletproofmyid.com.