Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Improving Account Security...

by Dec 24, 2012 9:18AM PST

Bef18 here: I read an article a while back talking about effective security approaches to deter thieves from breaching into personal accounts online. One of the suggestions listed was to use a completely isolated email address to store all password recovery emails. My question is should that email be given the same security precautions as other accounts (2-factor authentication, recognized devices lists) as well? Should I use the same email service provider the email accounts I communicate on are associated with? I assume "isolated" is the key word here so as long as the secure email was kept secret everything would be ok, but it did make me wonder a bit. Thanks!

Discussion is locked

5 Posts
- Collapse + Expand Details
- Collapse -
Answer
Since our governments don't consider email private.
by Former Forum moderator Dec 24, 2012 10:09AM PST

You need to reconsider unencrypted email. There is no secrets without it.
Bob

- Collapse -
(NT) Is? I meant are. Tsk tsk.
by r. proffitt Former Forum moderator Dec 25, 2012 1:45AM PST
- Collapse -
Answer
You're kind of missing
by Dec 24, 2012 10:20AM PST

You're kind of missing the forest for the trees here. You think security is something external. You set up a password or install this program, and everything will be secure. You are absolved of all responsibility after that point.

Security is less about passwords or firewalls, or whatever else these rather sensationalist and light on detail articles tend to suggest. You want to know the biggest reason people fall for those Nigerian 419 scams? The one about the Nigerian prince or oil tycoon who singled you out, of the millions of people on the Internet, to share this once in a lifetime opportunity if you just help them smuggle and launder all this money out of the country. The reason people keep falling for those, is because those of us from first world countries tend to think we are more sophisticated than someone from Africa. No one from Africa could ever outsmart someone with a college degree? Those Africans are just a bunch of nomadic dirt farmers after all! And so you STILL see people falling victim to these scams.

Security isn't about two factor authentication or some kind of secure email address. Security is more of a state of mind. If someone sends you a message out of the blue, saying how they have this fantastic business opportunity for you, no two factor authentication, firewall, secure email address, whatever, is going to save you if you're dumb enough to respond. Security is about recognizing that such a scenario is 1) too good to be true, 2) came to you unsolicited, 3) is a well established scam pattern by this point, and 4) likely breaks all kinds of international finance laws. I could probably go on, but that should be sufficient.

So my advice would be to stop filling your head with this useless fluff about email accounts for storing passwords and whatever else. It's just a bunch of garbage designed to get people to read the article and generate ad impressions. There might be one or two little nuggets of useful information in them, but they in no way justify the time wasted reading the thing to find them.

- Collapse -
thinkin' your right !
by itsdigger Dec 24, 2012 10:32AM PST

shouldn't we treat our passwords like we treat our backups ? A password is something we can't afford to lose or give out whether it's hacked or snooped by Uncle Sam , put them on a disc or in your little black book and put them in a safe place.

- Collapse -
The idea is the make it harder to crack...
by bef18 Dec 28, 2012 7:07AM PST

Obviously humans are the weakest link to any type of security system Jimmy and I realize passwords won't make my accounts impossible to crack into. Will I ever fall for those Nigerian email scams you keep talking about? No, all it takes are a few quick glances at Snopes and a good email service in order to avoid something so obvious. Am I an infallible human being who recognizes any and every email scam on the planet? Again the answer is no, but that wasn't the point of my original question. I'm simply trying to make my accounts harder to get into by narrowing the lines of attack by the hacker. A little defense is much better than nothing at all. You said yourself that security is a "state of mind" so what's wrong with reinforcing another part of the wall? Nobody can avoid every threat on the internet so it's important to find ways to alert yourself when things have gone wrong. If a hacker knows where my password reset goes then that's just another line of attack for him to take advantage of.

Back to Computer Help forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info