It seems like hardly a week goes by these days without someone I know sharing that their email account was hacked. Whether you are on Gmail, Yahoo, Outlook, or any other mail platform, there are bad guys out there trying to get into your account to spam your friends with their viruses and junk messages. If you’ve been attacked and a bad guy got in, here’s how to clean up and keep it from happening again.
Re-Secure Your Account
Step one is to secure your account and take away access. Until you take this step, the hacker still has access to your email. Not only does this let them keep sending out junk mail and viruses to your friends, it also gives them access to any account with a password reset tied to your email.
Think about it. If they get into your Gmail and search for the word “bank,” they will quickly know where you have your money and have access to change your passwords. So we want to fix this ASAP to secure your digital life.
To re-secure your email account we are going to take two steps:
Step 1: Change to a Super Secure Password
Using an old password like cofee09 is not safe in the days of sophisticated hackers and brute-force attackers. To really keep any account secure, you should be using a super secure password. For the majority of sites, I have a 16-character, completely randomized alphanumeric password. For a few of the most important sites I have my password memorized, but for most I don’t need to do so. More about that in a minute.
For now just change your password to something new and very hard to guess, and use character substitution to make it even more secure. If you want your new password to be something memorable like a pet’s name from your childhood, we can still make that work. Let’s say you had a dog named Rover. For a secure password, you could use something like R0v3rDoG1492, which is a much more secure password than something like Rover14.
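As an added example (not from the original post), here is the kind of check a password-strength meter runs over the post's own candidates; the word list and substitution table are constructed for illustration. It shows that substitutions like R0v3r are undone before the word lookup, so the length and randomness of a 16-character manager-generated password are what actually add strength.

```python
import math
import secrets
import string

# Constructed mini word list standing in for the dictionaries a real strength meter loads.
COMMON_WORDS = {"rover", "dog", "password", "welcome", "summer"}
# Substitutions a strength meter undoes before looking for words (assumption: a typical set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def charset_size(pw: str) -> int:
    """Size of the alphabet the password visibly draws from."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, len(string.punctuation))]
    return sum(n for test, n in classes if any(test(c) for c in pw))


def naive_entropy_bits(pw: str) -> float:
    """Upper bound: bits if every character had been chosen uniformly at random."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def dictionary_hits(pw: str) -> list:
    """Undo digit-for-letter substitutions and case, then look for known words."""
    plain = pw.translate(LEET).lower()
    return sorted(w for w in COMMON_WORDS if w in plain)


def assess(pw: str) -> dict:
    """Verdict a password-policy check could return; the thresholds are this example's choice."""
    bits = naive_entropy_bits(pw)
    hits = dictionary_hits(pw)
    if hits or bits < 50:
        verdict = "weak"      # a recognised word shrinks the search space far below the naive bits
    elif bits < 80:
        verdict = "ok"
    else:
        verdict = "strong"
    return {"password": pw, "bits": round(bits, 1), "hits": hits, "verdict": verdict}


def generate_password(length: int = 16) -> str:
    """Random alphanumeric password of the kind a password manager generates."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("Rover14", "R0v3rDoG1492", generate_password()):
        print(assess(candidate))
```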
Step 2: Add Two-Factor Authentication
Next you should add two-factor authentication to your email sign-in. Not all email providers offer this. If your provider does not and you’ve been hacked, you should seriously consider moving to a more secure provider. Gmail is free and offers two-factor authentication. It is what I use myself.
To add multi-factor authentication to Gmail and the rest of your Google account, go to the 2-Step Verification page to get started. In general, you’ll want to link up your accounts to the Google Authenticator app (available for Android, iOS, and BlackBerry), which generates a fresh one-time code for each linked account that changes every 30 seconds.
Using both a secure password AND two factor authentication should keep bad guys from ever getting into your account again unless they can steal your phone, get into your phone, and guess your password all at the same time.
Now that a bad guy has been in your account, you have to assume that they have your email and password and probably stole some other passwords too. It is a really bad idea to use the same password on multiple sites, but remembering lots of unique passwords is impossible with the number of accounts we all have today.
To keep everything straight, I use LastPass. LastPass is free for desktop and $1 per month for mobile (totally worth it!) and keeps all of your passwords secure under a super secure master password with two-factor authentication.
LastPass is the “last password” you’ll ever need to remember. Once you’ve added the app to your computer and phone, you can import your saved passwords from your browser and run a test to see how secure you really are. Chances are, you are in pretty bad shape when you get started. Most people are. But it is an easy fix to get secure.
Use the LastPass built-in secure password generator to make new, unique passwords for every single website. When you’re done, you’re secure.
If you don’t like LastPass, you can also check out Dashlane as an alternative.
Assess the Damages and Let People Know
Now that you’re secure again, take a look in your email account and try to figure out what the bad guys did. If you can find a list of where they sent bad stuff in your history, it is best to let all of those people know about the hack and that you’ve since fixed it.
If you’re a really good Samaritan, you can send your entire address book a warning, and maybe copy in a link to this post in case they got hacked too.
When you have time, you can go through your archives, sent mail, and history and delete the messages and other records of the hacker’s presence in your account just to be safe. Once they are locked out by a new, strong password with two-factor authentication, there is little they can do to cause any more trouble, but it is better to be safe than sorry.
Prevention is Easier
Like with most nasty problems in our lives, it is easier to put in a little work ahead of time than deal with the hassle of cleaning up when the problem strikes. If you’ve never been hacked, there is no better day than today to add LastPass, make all of your passwords secure, implement two-factor authentication, and secure your online life.