At The Atlantic, James Fallows has written an excellent and harrowing account of how your email program in the cloud can be hacked and what you can do about it. The story centers on a real-life experience of Fallows’ wife, who noticed one day that she couldn’t get into her Gmail account; by the time she got control of her account again, she noticed that all of her email was missing. After much additional effort she regained access to most of her email, but it wasn’t easy and this result is not guaranteed. She made the mistake of simply assuming that her data was safe with Google and that no one would hack her account.
Many people are out there trying to take over your email account, and they are successful too often. They have broken into email accounts in all of the cloud email companies (Gmail, Yahoo, Hotmail . . . you name it). The problem is usually password hygiene.
Fallows offers some suggestions at the end of his detailed article (I highly recommend that you read the entire article, because his suggestions go well beyond the excerpts below):
[I]f you use Gmail, please use Google’s new “two-step verification” system. In practice this means that to log into your account from any place other than your own computer, you have to enter an additional code, from Google, shown on your mobile phone. On your own computer, you enter a code only once every 30 days. This is not an airtight solution, but it can thwart nearly all of the remote attacks that affect Gmail thousands of times a day. Even though the hacker in Lagos has your password, if he doesn’t have your cell phone, he can’t get in.
In case you’ve missed the point: if you use Gmail, use this system. Also, make sure the recovery information for your account—a backup e-mail address or cell phone where you can receive password-reset information—is current. Google uses these to verify that you are the real owner.
Next we have password selection, that seemingly impossible task. The science, psychology, and sociology of creating strong passwords is a surprisingly well-chronicled and fascinating field. On The Atlantic’s Web site, we will describe some of the main strategies and the reasoning behind them. Even security professionals recognize the contradiction: the stronger the password, the less likely you are to remember it. Thus the Post-it notes with passwords, on monitor screens or in desk drawers.
But there is a middle ground, of passwords strong enough to create problems for hackers and still simple enough to be manageable.