Not all accounts are created equal. It’s only natural that you would care less about an ESPN Fantasy Football account than you would care about your online banking or PayPal account.
Anyone who spends even a little time thinking about security is careful to use a strong password and proceed with caution when accessing a service related to personal finance. However, a lot of users are also relatively careless about their primary webmail account, which often serves as a master key to all other accounts.
Think about it: whenever you set up nearly any online account, you’re prompted to enter a primary webmail account. There are a number of reasons for this. First and foremost, the service that you’re signing up for probably wants your email address for a variety of marketing and advertising reasons, the most obvious of which is so they can send you promotional content.
Much more importantly for us, this primary email account is also the place where you can recover online accounts if they become hijacked or if you forget your password. In this way, your primary email account is more sensitive than your PayPal or your banking account, because if the email account is compromised, so too are the PayPal and banking accounts.
Beyond that, a criminal in control of your webmail account can gather some serious intel about what other accounts you use online, and compromise those as well. Therefore, a hacked webmail account is, more often than not, the equivalent of someone hacking your entire digital life.
Google and Apple accounts, depending on how you use those services (especially Gmail or iCloud), can potentially provide access to vast swaths of your online and physical existence. Additionally, Facebook and Twitter can have access to scores of other online accounts and should be considered critical as well. Facebook’s Connect feature, in particular, acts as an authentication agent all over the web.
OpenID provides a similar service that – if compromised – could give an attacker access to any number of online accounts, including your primary webmail, so it should be strongly protected as well.
We can’t say which accounts you use for which purposes, so you should occasionally audit yourself. Really examine your accounts’ settings pages, determine how they are connected to one another and to third-party apps and services, and act accordingly.
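One way to carry out that self-audit, as an added example that is not part of the original article: record, for each account, which other accounts can reset its password or sign in to it, then compute how many accounts fall if any single one is taken over. The account names and links in `ACCOUNTS` are a constructed sample inventory; replace them with what your own settings pages show.

```python
from collections import deque

# Constructed sample inventory (an assumption, not data from the article).
# "recovery": mailbox that receives this account's password-reset link.
# "sso": login provider (Facebook Connect, OpenID, ...) that can sign in to it.
ACCOUNTS = {
    "primary_webmail":   {"recovery": [], "sso": ["openid_provider"]},
    "openid_provider":   {"recovery": [], "sso": []},
    "secondary_webmail": {"recovery": [], "sso": []},
    "facebook":          {"recovery": ["primary_webmail"], "sso": []},
    "paypal":            {"recovery": ["primary_webmail"], "sso": []},
    "online_banking":    {"recovery": ["primary_webmail"], "sso": []},
    "fantasy_football":  {"recovery": ["secondary_webmail"], "sso": ["facebook"]},
}


def controls(accounts):
    """Invert the inventory: controller -> accounts it can reset or sign in to."""
    graph = {name: set() for name in accounts}
    for name, links in accounts.items():
        for controller in links["recovery"] + links["sso"]:
            graph.setdefault(controller, set()).add(name)
    return graph


def blast_radius(accounts, start):
    """Every other account reachable, directly or through a chain, from `start`."""
    graph = controls(accounts)
    seen, queue = set(), deque([start])
    while queue:
        current = queue.popleft()
        for nxt in graph.get(current, ()):
            # The `seen` set also stops loops such as two mailboxes recovering each other.
            if nxt != start and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def rank(accounts):
    """Accounts ordered by how many others they expose, most critical first."""
    sizes = {name: len(blast_radius(accounts, name)) for name in accounts}
    return sorted(sizes.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for name, size in rank(ACCOUNTS):
        print(f"{name:18} exposes {size} other account(s)")
```

The accounts at the top of the ranking are the ones that deserve the strongest password and the most cautious handling, even when they hold no money themselves.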
Long story short: you need to start handling that primary email address in the same way you handle your online banking account, or perhaps even more carefully since it is your most precious online account. Do you access your bank account from public or unfamiliar computers? Then you shouldn’t access your primary email address like that either, because there is no way to know for certain if any computer other than your own is safe.
Similarly, when and if your account is hacked, attackers will use it as a tool to attack the accounts of your friends, family and digital acquaintances. A good attacker will look through a hacked account, gather context and send malicious emails that are nearly impossible for a human to recognize as such. A strong antivirus solution will protect you against email-borne attacks containing malware.