How to Secure Your Email

IDWise Logo

We use email for everything from sharing vacation pictures with friends to trading tax documents with our accountants. Filled with personal details, financial information, family photos, and Social Security numbers, most people's email inboxes include a wealth of identity attributes that could wreak havoc in the wrong hands.

However, there are ways—some easy, some more complicated—to keep your email secure from prying eyes. From lowest-tech to highest-tech, here are some ways to keep your email confidential.

Start with a strong password.

This is an obvious one, but it's still the first line of defense. Choose a password that:

  • Is a mix of letters and numbers
  • Does not spell a recognizable word or phrase
  • Uses punctuation, symbols, and a combination of capital and lowercase letters

Remember, a strong password may not always protect you. As the Center for Identity's Identity Ecosystem project has discovered, even seemingly innocuous information—such as your birth date, your hometown, or a pet's name—can be used to dig up more secure information. For example, a hacker could access your account up to the point of password entry, then click on the "Forgot password" link. The other information about you can be used to eventually guess your password.

Ask the tough questions.

Most sites ask you to choose a security question to do things like retrieve a password or access a secure account. Sometimes, you must choose from a pre-selected list of questions, while other sites allow you to choose your own.

If you are able to create your own question, choose an obscure piece of information about yourself that would be extremely hard to guess.

If you must choose from a pre-selected list, use false information (just be sure you keep track of your answers). For example, transpose a number in your birth date or choose a city you have never lived in for your hometown.

Use a secure email service.

Secure Socket Layers (SSL) is the industry standard for creating an encrypted link between a web server and a browser—it prevents your network from being tapped into. If the web address starts with "https" rather than just "http" you will know you are using SSL encryption.

One thing to consider is that when using SSL, the mail server saves your messages in plain text. That means that even though no one can tap into your network, anyone with access to the mail server can see the content of your messages.

Encrypt your messages.

If you can't use a private, secure email service and want to make sure your emails are safe, you need to encrypt the messages themselves. That makes them unreadable to anyone but the recipient, even if they were printed out from the mail server and posted for all to see. Two of the most common forms of message encryption include Open PGP and Secure/Multipurpose Internet Mail Extensions (S/MIME). Both require you and your contacts to install security certificates on your computers and exchange strings of characters called public keys.

IDWise Logo
What is IDWise?

Funded by a partnership with the Texas Legislature, and powered by the Center for Identity, IDWise is a resource center for the public on identity theft, fraud, and privacy. IDWise offers clear and accessible resources to empower citizens—both online and offline—to be better informed and make smarter choices to protect their personal information.

Sign Up for IDWise