Freemail accounts will be hacked

Most of you know that I do not recommend using certain “freemail” accounts for any aspect of your professional lives. In short, many of them are poorly supported, barely secured and frequently targeted by cybercriminals because of these elements and because of who uses them. The ones that are being heavily targeted now are mostly legacy accounts that were established by old ISP companies that have since merged, sold or otherwise transformed into another company. Examples include sbcglobal.net, att.net, roadrunner.net, aol.com, yahoo.com, earthlink.net, etc, but they all share a common aspect: responsibility for maintaining the services that power these emails has been passed from company to company like a red-headed stepchild and the services are clearly suffering from neglect.

I’ve had this email for years! I can’t change this email!!

Invariably, we’re going to have this conversation, with you or perhaps with an elder member of your family. And yes, for some folks, changing an email address that you’ve had for 10+ years is going to be a huge pain. There are alternatives to completely abandoning the account, but there is still going to be some work to keep it, you and your loved ones safe. It depends highly on the email service, but most of them have made token efforts to upgrade their security and accessibility. Log into the account, look for account settings, specifically security to see if any of the following are available:

1. First and foremost, if they offer multi-factor/2-factor authentication, set it up and use it. This is a no-brainer, and just about everyone has a cell phone.
2. Set up a backup email account – most email services offer the ability to set another email account as a way to rescue or recover a forgotten password.
3. Even if they can’t do 2-factor, some freemail services let you attach a cellphone for recovery purposes. Support personnel (if/when you can actually reach them) can use the cellphone to verify you are the proper owner of the account when you are in the process of attempting to recover access.
4. Check to see if the password to secure this account has been compromised using this website: https://haveibeenpwned.com/Passwords. Even if it hasn’t, if it’s an easy to guess password, change it and write it down if it’s not one you or they are going to easily remember.

In the end, these are only stop-gap measures. Some email domains are currently on their 4th or 5th handoff, and at a certain point they are likely going to end up with the lowest bidder – something you never want for a critical technology service like email. Your eye should be on transitioning to a more sustainable platform like Gmail or Outlook.com.

Photo by Christin Hume on Unsplash