Email ProtectionCryptography Course

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Courses Cryptography Course Email Protection

This topic contains 24 replies, has 18 voices, and was last updated by Profile image for cybogpi cybogpi 1 year, 11 months ago.

Viewing 20 posts - 1 through 20 (of 25 total)
  • Author
    Posts
  • #26162
    Profile image for rattar
    Rattar
    Participant

    Someone has been breaking my email.
    I need a good way to protect! Can someone suggest a good algo that I can easily remember and that will protect most people from brute forcing email.

    #26189
    Profile image for 13ushm4n
    13ushm4n
    Participant

    What exactly do you mean by breaking/brute forcing your email?

    Your emails can be protected, e.g., by GPG keys (gmail can do that, I didn’t really feel any need to use it elsewhere). You can get the keys for free. But other people (the email client they use) have to know how to use your public key so that the mechanism works right.

    Other thing is that people often use weak passwords for logging into their email accounts via web. So use strong enough password. It should be long, use upper case, lowercase chars, numbers, special chars like %^&… which all together makes it much harder or possibly even nearly impossible (depending on other factors) for an attacker to hack into your account.

    • This reply was modified 2 years, 1 month ago by Profile image for 13ushm4n 13ushm4n.
    #26193
    Profile image for cyrusbermejo
    SpiderX
    Participant

    When using free web mail services like Gmail, you may enable additional authentication mechanism like OTP. If you’re hosting your own mail server make sure you hardened your configuration and enforce additional authentication modules.

    #26214
    Profile image for rattar
    Rattar
    Participant

    I feel like someone is brute forcing. Gmail displays if you have used a previous password and how long ago the previous password was changed? So by brute force attack, can be used to cycle through not just one email but multiple. Some of the previous passwords I used for gmail can be used to access my other emails. I will definitely look at protecting with GPG keys. Does anyone recommend a GPG software for ios and android devices?

    • This reply was modified 2 years, 1 month ago by Profile image for rattar Rattar.
    #26236
    Profile image for leoedge
    Krintoxi
    Participant

    Gmail now has Automatic GPG, as far as showing you how long ago the previous password was changed it’s just a new feature of Gmail.

    #26237
    Profile image for rattar
    Rattar
    Participant

    Google…If you changed your password 10x, then if you enter any of those passwords, a person would now that you used that password and when you last used it and from that information might try to access other accounts from what you used from that period. I know that there is a huge assumption that the person will get one of the passwords correct and that the person must know other accounts. However, if you had some type of dictionary about that particular person, and one of the passwords that was used earlier wasn’t very secure (i.e. favorite football team + year of the win), the attacker might use that password for other accounts such as email, bank, etc…

    #26299
    Profile image for atulbadgujar
    atulbadgujar
    Participant

    good concept

    #26301
    Profile image for nehajamadar
    Neha
    Participant

    usefullsor guidance

    #26309
    Profile image for mohinimali99
    mohinimali99
    Participant

    nice concept

    #26461
    Profile image for manish110
    manish110
    Participant

    good

    #26540
    Profile image for arunima7595
    Arunima7595
    Participant

    nice concept….

    #28482
    Profile image for nehajamadar
    Neha
    Participant

    good concept

    #28867
    Profile image for alleycat
    AlleyCat
    Participant

    When mentioning emails, what do you think about Google`s email scanning?
    I heard about scanning for viruses and searching keywords for targeted ads (I must admit I haven`t saw ads on Gmail for quite some time)

    Anyway, in both cases Google is reading my mail, so that might mean that my conversations are not so private, althought they are secure.

    #29971
    Profile image for
    Anonymous

    Get a Yubikey. So even if they have your password, they dont have the physical device itself to provide authentication AND verification for your email access. Two-factor folks, it’s easy and available without your cellphone.

    #30347
    Profile image for rattar
    Rattar
    Participant

    Get a Yubikey. So even if they have your password, they dont have the physical device itself to provide authentication AND verification for your email access. Two-factor folks, it’s easy and available without your cellphone.

    Will this help with email protection?

    #30846
    Profile image for
    Anonymous

    Well, yes. Google Yubikey and you’ll see they list how they provide two factor authentication for browser accessed email.

    #30848
    Profile image for rattar
    Rattar
    Participant

    Even with two factor authentication, it’s terrible. What if you don’t have access to your phone i.e. phone died, no cellular connection, etc… Does that mean you can’t accesss your email account ? Two factor authentication is also slower. You spend 5 minutes just to login to your accouint.

    #31179
    Profile image for lubomyr
    D3v1nZ
    Participant

    First, you need to be protected from themselves. First learn the basic foundations of security)

    #31426
    Profile image for
    Anonymous

    Rattar,

    Yubikeys are USB/NFC-based dongles that provide an insane amount of options. Here’s a video: Yubikey Neo OATH authentication.

    Even with two factor authentication, it’s terrible. What if you don’t have access to your phone i.e. phone died, no cellular connection, etc… Does that mean you can’t accesss your email account ? Two factor authentication is also slower. You spend 5 minutes just to login to your accouint

    Multiple options:
    1) plugin Yubikey Neo via USB and authenticate desktop browsers.
    2) touch Yubikey Neo to your cellphone to authenticate mobile email apps or mobile browsers.
    3) buy an USB NFC-reader so you can use both options at home.

    #32403
    Profile image for smiley23
    SMiley23
    Participant

    good

Viewing 20 posts - 1 through 20 (of 25 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel