This is Part I of a new series on basic security for the average web user. While most of us recognize that the web is an unsafe place, many people engage in practices and habits that put their personal information at risk, often without even knowing it. This series will highlight a few of these areas and provide some easy solutions.

None of these are catch-all solutions - internet security is more a combination of measures than a single solution. Think of each step as way to increase the height of your fence that prevents would-be internet assailants from invading your privacy and finances.

Email Accounts Are a Crucial Security Barrier

Your email account is usually the gateway to your online accounts, and control over it is crucial to keeping your information safe. Many sites - including Ebay, Paypal, banks, and trading sites - will let you reset your password if you have access to the email registered with your account. Therefore, your email account is one of the most important pieces of your internet security. Someone with access to your email can gain control of almost every online account you have by resetting your passwords one by one.

A Real Story

A friend of mine was victimized in this way. Her Gmail password was stolen, and the hacker immeadiatley changed the password on her account. She was completely locked out of her email, and the hacker started to change the passwords on her other online accounts - Ebay, PayPal, and others.

This, as you can imagine, was a horrifying experience for her. She was fortunate to get out of this without any significant damage (more on how in a minute), but most of us will not be so lucky.

The Problem With Yahoo, Gmail, and Hotmail

You might wonder why the title of this post singles out Yahoo, Google, and Hotmail. These are good companies with solid products, I am not suggesting that there is a problem with them or their services. There are, however, two fundamental problems with using their email addresses for sensitive online information and financial data:

1. Most people know how to login to these types of accounts. All you have to do is go to yahoo.com, hotmail.com or google.com.
2. If someone gains access to your account and changes your password, it will be very hard to get one of them to change it back for you.

The first problem is somewhat elementary - having an email account from a popular provider means most people will know how to login if they do get your password. Getting an email account where the login page is more obscure (or better yet, is under your control) is much better choice.

The second problem is the major one. Have you ever tried to contact customer support for Yahoo or Google? Do you think they even have such a department for their email subscribers? My friend tried to call Google for help with her problem and was told to press 7 for customer support. After doing so, she heard a message that Google, at this time, does not offer customer support. Essentially, there is little or no recourse available through these companies for a stolen account. You get what you pay for.

In fairness to these companies, the support may improve in the future. But as of right now, I consider this problem a serious security risk for critical internet accounts and information.

Solutions and Best Practices

My friend was fortunate to know someone who worked for Google and who was nice enough to BEG the right people there to reset her password. But most of us will not be so lucky, and need to utilize the following two solutions:

1. Take control of your email hosting.
2. Protect your password.

Taking control of your email account is not as hard or expensive as you might think. A good option is to get your own domain (i.e. "www.yourname.com") and manage your email account yourself. Otherwise, you can pay for better email hosting through a variety of web hosts. These solutions have two important effects that can curb the problems above:

1. Logging into your email account from a web browser will be harder. A hacker would have to guess your mail sub domain or application path - "webmail.yoursite.com" for example. Depending on your needs and host, you might even be able to disable such access.
2. If someone gains access to your email account, you can handle the problem yourself. This is far more important than #1 and could mean the difference between quickly stopping a hacker in his tracks and being paralyzed while he slowly changes the passwords on all your online accounts. If you are paying a company for email hosting, they will be much more responsive and helpful than the companies that give accounts away for free.

Getting your own hosting is pretty easy - GoDaddy, Yahoo, and other web hosts all have plans where you manage your own accounts. Your ISP (Verizon, Time Warner, CableVision, etc.) may have them too. And it's not that expensive - most of these plans, even with your own domain, cost around $50-$70 a year, and accounts through your ISP are probably included in your monthly fee. Alternatively, another option is to find a friend who has his or her own domain/hosting (even if it's for their business).

Protecting your password is the subject of my next post. To give a quick summary, make sure your email account has a unique password and that you never give it out to anyone you don't trust. Also, don't ever send a password via email - there are a lot of people between you and the recipient that can read the message.

More to Come

Taking control of your email is a good first step, but there are some other easy ways to increase the security of your online world. Stay tuned for Step 2 on passwords.