Pin Me

Webmail Hacking - How to Stop Hackers Getting Into Your Webmail

written by: Lee Clemmer•edited by: Bill Bunter•updated: 5/5/2010

So you're using Webmail, but you are worried about hackers getting access to it. If it is available anywhere in the world, it's available to hackers everywhere in the world. So how do you stop hackers from hacking into your Webmail? This article provides help to prevent Webmail hacking.

  • slide 1 of 4

    Hacking Webmail

    Depending on the Webmail service you use, it may be somewhat easier or harder for the hacker. If you have a simple password, and your webmail provider doesn't restrict the number of failed logins before locking out the account, the hacker can just guess and guess until they figure out your password. Other ways of hacking your Webmail involve capturing or sniffing traffic from your browser to the Webmail server. If the traffic isn't encrypted, they can just see your password when it is transmitted to the server. They could also hijack your session with the server even if they did not capture the password. In some cases even encrypted passwords or encrypted traffic can be cracked, so just because it's encrypted isn't 100% secure. Let's look at a few ways to help prevent your Webmail from being hacked.

  • slide 2 of 4

    Use HTTPS

    Most modern Webmail services support the Secure Sockets Layer (SSL) version of the web HTTP protocol, HTTPS. They likely will just use an unencrypted HTTP connection by default. Unless you know to put that HTTPS at the beginning of the URL (for example: https://mail.google.com) or bookmark that secure login page, you might be using unencrypted HTTP for your communication. This means that if someone did capture the network traffic they could read what you sent and received as plainly as you are reading this. At least check that your Webmail's login page uses HTTPS as this will encrypt the username and password as they are transferred.

  • slide 3 of 4

    Use a Complex Password

    This is an important security item in every case. Short, simple passwords are so easy to guess or crack that the protection is practically just as bad as having no password at all. It may help to think of it as a pass phrase, and construct them of several words. Next, use combinations of upper and lower case letters, and use numbers mixed in as well. It's not as hard to create something that would be hard to crack but easy to remember as it might seem. Length is the most important factor, followed by mixed case and the addition of numbers and other characters if they are allowed. Try mixing several words together and numbers within, using things that are easy for you to remember.

    For example, for a really complex password you could combine your favorite flavor alternating with a movie name and bracketed by the year you graduated high school:

    Chocolate, 1986, Star Wars = 19CShtoacroWlaartse86

    OK so that's going to be tough to remember at first, but no one is likely to crack it.

  • slide 4 of 4

    Use Secure Webmail Services

    Using a secure web based email service is one of the most effective ways to stop hackers. You can't be secure if your Web email provider just isn't securing things at their end. The secure Webmail providers will often have requirements (or at least strong suggestions) for complex passwords. They will also always use HTTPS, and often additional encryption and security measures. Options like locking out accounts after too many failed attempts at access. See my article on the top three free secure email services for some excellent ways to help prevent hackers from getting into your email.