How to Keep Your PrivateMail Account Secure
It doesn’t matter how secure a platform is if user error comes into play. Drop your house key in the wrong place, and anyone can waltz right in. Leave your laptop open at a coffee shop and someone can steal your banking information. Privacy is a two-step process – you need a platform that offers you the highest level of security possible, but you also need to take the necessary steps on your end to meet that security in the middle.
1. Use a Password Manager and a Strong Password
Never use the same password for two things. If you reuse a password and one site becomes compromised, every other site that shares that password becomes compromised with it. If the password was for an email account, it’s easy for a hacker to request password resets on every other account associated with that email address. You cannot afford to take chances with your email passwords.
The best solution is to utilize passwords that are at least 16 characters in length. These passwords should contain a combination of uppercase letters, lowercase letters, numbers, and symbols or special characters. If you have a very difficult time remembering your password, that’s a good sign.
Complicated passwords can be stored with a password manager like KeePass. You can create a private, locked password database that will allow you to securely copy and paste lengthy and complicated passwords into the password field on PrivateMail.
2. Enable Two-Factor Authentication in PrivateMail Settings
PrivateMail has a setting for two-factor authentication, and it’s in your best interest to enable that setting. Two-factor authentication means you’ll need more than just a password to access your account – the password is merely the first step. Two-factor authentication requires a second verification of your identity and confirms that you are in fact the person the account belongs to.
Upon every login attempt, a verification code will be sent to you. You can input the code and approve or deny access. Because two-factor authentication requires a second step, you’ll get a heads-up if someone is attempting to access your account without your permission. You’ll be able to change your password before the unauthorized individual has a chance to access your email. Android and iOS apps like Authy can help keep track of your two-factor login codes.
3. Enable OpenPGP Encryption for Email and Paranoid Encryption (AES-256) for Cloud Storage
End-to-end encryption is the only way to keep things completely private on the internet. PrivateMail offers OpenPGP encryption. OpenPGP is one of the most effective encryption tools available, and you don’t need to have an understanding of encryption fundamentals in order to use it.
It’s easy to enable and generate encryption keys. Just turn the feature on, generate a key, and save it. You can easily import the keys of people you’ve exchanged them with, and keep all of your future conversations private.
Paranoid encryption, or AES-256, can be enabled for cloud storage. Paranoid encryption is a 256-bit encryption system that is virtually impossible to crack. Using the option to protect your cloud storage means that stored files cannot be seen by anyone except the person who holds the private key. PrivateMail’s FileSync apps can be set to keep all files encrypted both locally and on our servers using AES-256 encryption.
PrivateMail never sees or receives any OpenPGP keys or Paranoid encrypted files you save, send, or store. We’re not an invasive third party – we’re merely bridging the connection between you and the person you’re communicating with.
4. Look Out for Social Engineering Attacks
Social engineering is one of the easiest methods that hackers use to obtain private information from a recipient. Headers and subject lines that seem suspicious should always be further investigated. Don’t open something if you aren’t sure what it is – especially if it’s an unencrypted email from someone you don’t know well and haven’t exchanged OpenPGP keys with.
Absolutely never exchange even vaguely sensitive information in an email that isn’t encrypted. Don’t send attachments and don’t open any. Social engineering hackers are very clever, and it’s even easier for them if they actually know you. They know who you might be talking to and who to pretend to be, and the results can be alarmingly convincing. Always rely on the encryption key – it’s the only way to know for sure.
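The header checks described in this section can be scripted over a message saved as raw text. This is an added example, not part of PrivateMail; the sample message, the domains, and the `known_contacts` set (addresses you have exchanged OpenPGP keys with) are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Alice Example" <alice@examp1e.test>
Reply-To: billing@other-domain.test
To: you@example.org
Subject: URGENT: verify your account now
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examp1e.test; dkim=none

Please open the attached invoice.
"""

URGENCY_WORDS = ("urgent", "verify", "suspended", "immediately", "password")


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def review_headers(raw, known_contacts):
    """Return a list of reasons to investigate the message before opening it."""
    msg = message_from_string(raw)
    findings = []
    if parseaddr(msg.get("From", ""))[1].lower() not in known_contacts:
        findings.append("sender is not a contact you exchanged keys with")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != domain_of(msg.get("From")):
        findings.append("Reply-To domain differs from From domain")
    # Only trust Authentication-Results stamped by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in auth:
            findings.append(f"{check} did not pass")
    if any(w in (msg.get("Subject") or "").lower() for w in URGENCY_WORDS):
        findings.append("subject uses urgency wording")
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 or "-----BEGIN PGP MESSAGE-----" in raw)
    if not encrypted:
        findings.append("message is not OpenPGP encrypted")
    return findings


if __name__ == "__main__":
    for reason in review_headers(SAMPLE, known_contacts={"alice@example.org"}):
        print("-", reason)
```

An empty result means none of these particular checks fired, not that the message is safe; an encrypted message still has to decrypt and verify against a key you imported yourself.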
5. Never Skip an Update
It’s really easy to hit the “remind me later” button without thinking about the damage it can do. It’s more than slightly annoying to have to stop what you’re doing to run an update – especially if you’re in the middle of watching something or gaming. Don’t wait too long. Tech-savvy people typically run every available update on the first Tuesday of every month. Every single internet-connected device you use needs to be updated as regularly as possible.
Updating firmware and protection software often is necessary because new threats emerge every day. Updates usually contain fixes for emerging threats, keeping you protected before you ever have a chance to encounter them. If your device is old, it may not be compatible with new security updates. It’s important to upgrade your laptops, PCs, and smartphones when they’re on the verge of becoming obsolete.
Conclusion
Don’t just utilize one or two safety practices – utilize every safety practice made available to you. Keep all your settings on max, change your passwords periodically, and opt in to every additional security feature that PrivateMail (or any other website) has to offer. With the amount of personal and private information being exchanged on the internet every day, there’s no such thing as being too safe.