This article discusses a common error that compromises e-mail security and, as a result, allows an attacker to act on the Internet on behalf of the victim. There are many recommendations for reducing the likelihood of losing personal data online, but all of them are aimed at preserving and recovering the password to an account, be it an e-mail account or a profile on a social network.
We will not dwell here on the basic recommendations for restoring access to your account. These include the importance of the answer to a security question such as "Favorite dish", for which "kebab" or "potato" are unsuitable because they are the first answers that come to mind for every second person. They also include the fact that it is completely unacceptable to use your date of birth as a password without any additions.
Error compromising email security
Having experience in administering forums, I have come across cases in which registered users, to make it easier to remember, used a single password for all their accounts, whether for e-mail, a forum or a social network. Moreover, this password was complex, combining numbers and letters in different cases.
After a new user was registered on my forum, I received a message with his details. Such information messages are used on all Internet resources where registration is required.
Below, I give an example of such a letter. For security reasons, the data has been slightly changed:
New user registration information:
E-mail address: [email protected]
Home page: -
User IP address: 184.108.40.206
Having received such information, an attacker gains access to the e-mail account without any difficulty and without using any hacking programs!
Let's imagine that you are a new user, and the recipient of such a letter is the administrator of some resource who has malicious intent.
Possessing the e-mail address and the single password that was entered on the attacker's resource, he can easily log in to the mailbox, seize information, find out which sites you are registered on and under what login, and then perform any actions on your behalf.
Even if the mailbox contains no registration data, or you use a mail client that does not keep messages on the server, the threat is not completely eliminated.
By visiting, for example, popular social networks and using the "Recover password" option, the attacker can within minutes generate a new password, which will be sent to the hacked mailbox. From that moment, the attacker gains full access to the victim's account, with all the ensuing consequences.
To avoid such an unpleasant situation, my advice to you is this: when registering, never specify a password that is the same as the password for the e-mail address you give to that resource! In addition, do not consider it superfluous to leave yourself a fallback: fill in the password recovery options that the resource offers.
Someone will say that this is nonsense and no one does this, but the fact remains that such cases are not uncommon; I gave one such example above.
Remember: the e-mail password should be used only for e-mail and nowhere else!
By observing this simple rule, you will significantly increase the security of your e-mail.
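One way to check your own accounts against this rule, as an added example that is not part of the original article: the script below reads a password-manager export and reports which sites were given the mailbox password and which sites can be taken over through "Recover password" once the mailbox is lost. The CSV layout (site, login, password), the function name and all sample values are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export; the column layout (site, login, password) is an
# assumption, and every value below is made up.
SAMPLE_EXPORT = """site,login,password
mail.example,alice@mail.example,Tr7qLm92xZ
forum.example,alice@mail.example,Tr7qLm92xZ
social.example,alice@mail.example,n4VbC0RkE1
shop.example,alice_shop,Tr7qLm92xZ
bank.example,Alice@Mail.example,Q9wE2RtY7u
"""


def audit_mailbox_reuse(export_text, mailbox_site, mailbox_address):
    """Report how other accounts depend on one mailbox; only site names are returned."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    address = mailbox_address.strip().lower()  # addresses compared case-insensitively
    mailbox = next(
        (r for r in rows
         if r["site"] == mailbox_site and r["login"].strip().lower() == address),
        None,
    )
    if mailbox is None:
        raise ValueError("mailbox entry not found in export")

    report = {"hands_over_mailbox": [], "reused_elsewhere": [], "reset_reachable": []}
    for row in rows:
        if row is mailbox:
            continue
        same_password = row["password"] == mailbox["password"]
        uses_mailbox = row["login"].strip().lower() == address
        if same_password and uses_mailbox:
            # The site's administrator holds the address and its working password.
            report["hands_over_mailbox"].append(row["site"])
        elif same_password:
            # Still breaks the rule: the mail password exists outside the mail service.
            report["reused_elsewhere"].append(row["site"])
        if uses_mailbox:
            # "Recover password" on this site delivers a new password to the mailbox.
            report["reset_reachable"].append(row["site"])
    return report


if __name__ == "__main__":
    for finding, sites in audit_mailbox_reuse(
            SAMPLE_EXPORT, "mail.example", "alice@mail.example").items():
        print(f"{finding}: {', '.join(sites) or 'none'}")
```

Any site listed under `hands_over_mailbox` or `reused_elsewhere` needs the mailbox password changed first, then its own password replaced with a unique one.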