You will need:

  1. Your smartphone
  2. Your computer

Think about the last 7 years – how many websites have you registered with, how many usernames and passwords have you created… how many times have you used the same password, or small, simple variations of it, for valuable accounts like your e-mail or your online banking? By this time, most of these resources have been hacked at least once (including LinkedIn) and the passwords used there have been compromised, with or without their/your knowledge.

Having a secure e-mail account is imperative to your privacy.

In this short article I am going to show you how to create a nearly un-hackable e-mail account using just your phone and computer in less than 10 minutes.

Let’s start!

Since most people are familiar with Gmail, let us use this e-mail provider – although the same rules apply to others and you can replicate them at your favorite e-mail provider with ease.

I chose Gmail because of the connected services Google offers – Google Drive, Google Docs, Gmail, Google Voice, Google Plus, etc. Secure one, secure them all!

I suppose you already have a Gmail address you would like to protect – step one is to protect it with a good, unique password which you are not using anywhere else. And by unique I mean really unique – not just adding a symbol or a number at the end of your regular password which you use everywhere. Choose something you will remember easily – a phrase works best, as in this example:

Go to this link - https://myaccount.google.com/intro/signinoptions/password - to change your password.

Once done, move on to the next step.

Setting up a recovery phone number

It is important NOT to use your cell phone number as a recovery phone, because intercepting an SMS is cheap – now that even small crime rings can afford the necessary equipment, SMS authentication is considered insecure. Every person you have ever contacted knows your phone number - we don't need that kind of publicity when protecting your most important communication tool.

We will open a Google Voice account, which will provide us with a free US number to use for our recovery process. Remember, if you lose access to your phone and / or the password to your Gmail account, you will not be able to recover it if you use Google Voice, as they are essentially using the same account. Back up your phone regularly!

Go to https://voice.google.com/ and create an account; you will get a free US number to use with it. Once you get the number, note it down – it will be your secure phone number for verification of this account and perhaps others, if you choose to.

Now go to https://myaccount.google.com/security and in the Account Recovery options, set up your new phone number as a recovery phone.

Now let us enable 2-Step Verification

To do this, download and install the Google Authenticator app on your phone. You will need it for this account and many more – as many services now offer 2-step verification of identity via this or similar apps.

Go to https://myaccount.google.com/signinoptions/two-step-verification and follow the prompts to enable it on your phone – either via the Google app or via the Authenticator app. I would recommend downloading and setting up both, just in case.

After doing that, perform a full backup of your phone to your computer – in case you lose your phone, you should be able to restore the app to a new one without losing access to your account forever.

Backup e-mail address

It is recommended to set up an e-mail account only you know about, which exists only for recovery purposes, has a unique password, and is not used for anything but recovery. Don’t use your work e-mail or a throwaway e-mail account used for registrations on different websites, as these are often compromised and their passwords exposed. Remember: the security of your e-mail account is only as strong as this backup e-mail address. Protect it in the same way or better to ensure your account’s safety. One service I would recommend for setting up a backup e-mail account is ProtonMail - of course, you should enable mailbox encryption and 2-factor authentication there, too.

Alexander Sverdlov

Alexander is a cyber security consultant who helped banks, telecoms,
public and private sector organizations worldwide develop their defenses
to reflect current and future threats. https://linkedin.com/in/asverdlov
