Suggestions for protecting your email privacy

[Upgrade00]

I've come across quite a couple of scams and scam attempts all involving email addresses.
To protect your address first step is you'll want to keep it private, if it doesn't get leaked then you can not get targeted by hackers/scammers keep it hidden on any site you regularly use. However, there are those who run businesses here and choose to transactions through email. In this case;

Always have a unique address: this specific address should not be connected to any other website or platform. The makes it easier to filter the mails and sort out the spam inboxes.

Have dispensable addresses: We regularly want to try out or experiment on certain platforms. Do not use any of you main email accounts, rather use a random one and if possible a random password for it. You could also use a temporary email address pending when you're ready to make your profile permanent. This prevents you from leaving a pattern which can be used to breach your accounts.

Dismiss unsolicited mails and never click links: This is very popular advise here, do not click on links in unsolicited mails, whether or not they appear in the spam section. Also mute spam messages to stop getting such messages.

If an account you did not make public keeps getting flooded with spam messages, there is a huge possibility that it has been leaked. Avoid using it for any major account and change it from the ones it's already connected to.

Also, use two factor authentication on your account, this would serve as an extra measure of security should there ever be an attempted breach.
Also add your personal security measures which others can adopt to protect themselves.

[joniboini]

Have dispensable addresses: We regularly want to try out or experiment on certain platforms. Do not use any of you main email accounts, rather use a random one and if possible a random password for it. This prevents you from leaving a pattern which can be used to breach your accounts.

Using a temporary e-mail address service is probably better in terms of flexibility. You don't really have to create an e-mail per se, just need to input the temporary e-mail address that's generated and you can see the inbox asap. Of course, create a new account with your e-mail if you decide to use the platform after you tried it.

[Upgrade00]

...

Good suggestion, added to OP.
I initially didn't want to include it as some users may forget to change to a more secure email address when they are ready to create a permanent profile and temporary addresses like yopmail are susceptible to hacks. But a dispensable address on a more secure platform has the same level of security.

[Kakmakr]

Also something that I noticed was that people are targeting your primary email address, when you use that as a recovery email address for your throwaway email addresses. I create one additional secure primary email address, just for recovery purposes and I never use my main account for everything other than communications with friends and family.

I also have several sim cards for the different webmail accounts I use, to prevent people from accessing my main phone number. It just makes things easier and more secure, if you put preventative measures in place. One phone hack would be devastating, if you used one phone number for all your 2FA. 

[AlmazWin]

There have been cases when hacked two-factor authentication?

[JeromeTash]

There have been cases when hacked two-factor authentication?

Its possible.
For example if you use the same password across all your accounts including your emails. The hacker could easily have access to your authenticator backup especially those that have cloud backup like Authy.

The best way is to use different random strong passwords for all your important accounts and the activate 2FA for all of them.

[GSpgh]

There have been cases when hacked two-factor authentication?

The commonly used 2FA (30-second 6-digit codes) is basically just a random password that gets hashed with a time value to produce your code. So the advantage is that the password itself is never sent over the internet but it can still be leaked from the server or from your device via some malware or from backups.

[Findingnemo]

Don't use gmail,which is not secure and no more privacy,google itself will sell your email to advertising companies so you will get lot of spam messages,better use mail like proton main which is end to end encrypted so you won't get spams also well as hacks.

[hugeblack]

Some emails have pseudonyms "E-mail alias," which are very useful for using temporary email and avoiding hacking if there is any leak of emails with any platforms.
Do not forget that one of the options to secure your account using the phone number, which may be considered more risky "SIM swapping" than being an advantage, so avoid it.

[harizen]

There have been cases when hacked two-factor authentication?

Yes but mostly due to the user's action.

2FA is one of the most recommended extra layers to our online security because it really giving scammers a hard time to breached it even how smart they are. But instead of attacking directly the strong wall provided by 2FA, these scammers will lure their victim to a certain trick e.g phishing, malware, etc. and when the said user falls on that trap, that's it.

Don't use gmail,which is not secure and no more privacy,google itself will sell your email to advertising companies so you will get lot of spam messages,better use mail like proton main which is end to end encrypted so you won't get spams also well as hacks.

Spam email messages are always around since the early days of the cyberworld. Although there are lots of questions about the reputation of Google! being an email provider, I like how they evolve through the years starting from a small fry into a bigger one. I only received a few spam email messages from all of my Gmail Accounts on and the first spam email I received started when I use my emails in registering to a certain site. Therefore, not Google! fault in the end but through the other party.

And for their security, it's now difficult to breach a certain Google account nowadays. If the account owner properly set-up their security, there are tons of verifications first before a hacker can access the email even they know the password. Unless the hacker is just around the area or being a snake to that victim all the time.

[Upgrade00]

...

Majority of users use Gmail for it's reputation as an email service provider, and if one adopts standard safety procedures then they should be fine with it. Google does not divulge or sell private information, but they collect and store data on individuals and use it in marketing strategies.

That depends on type of 2FA you use. It's possible to use email as 2FA, even though it's rare nowadays.

Email and phone messages are both possible, email is more secure and except you have lots of funds linked to the account you are protecting, it would be fine for protecting your account. Authy is my preferred means of authenticating an account.

[GSpgh]

There have been cases when hacked two-factor authentication?

The commonly used 2FA (30-second 6-digit codes) is basically just a random password that gets hashed with a time value to produce your code. So the advantage is that the password itself is never sent over the internet but it can still be leaked from the server or from your device via some malware or from backups.

That depends on type of 2FA you use. It's possible to use email as 2FA, even though it's rare nowadays.

I mean TOTP standard which is probably the most common offline 2FA method.

I don't think email confirmation qualifies to be called 2FA, it's just an out-of-band verification method. It's better than nothing but it's vulnerable to various exploits and it doesn't satisfy the basic MFA requirements (two or more of something you know/have/are).

TOTP is also not perfect because it relies on a shared password but that's a different discussion.

[Juggy777]

Snip

@Upgrade00 these are really nice tips and if implemented correctly then, it should definitely protect those users who’re constantly checking their emails. Another tip you can add is that people should not enter their email passwords using unsecured public wifi, because hackers could easily snoop in all their documents and then blackmail them for money. Last but not the least every few months people should change their email passwords, and avoid putting their names as their password.

[Beparanf]

There have been cases when hacked two-factor authentication?

Its possible.
For example if you use the same password across all your accounts including your emails. The hacker could easily have access to your authenticator backup especially those that have cloud backup like Authy.

The best way is to use different random strong passwords for all your important accounts and the activate 2FA for all of them.

This should be done even it's hard to put a different passwords since tendency is we will forgot one of them but it's safer since when one is detected the other will follows. I have different email for my crypto, work and personal . And I triesd to put different password and mostly forgot those I don't use often that's why I add security option in mobile or backup email. 2FA still should be use.

[Upgrade00]

...

As much as possible, avoid logging in your email on an external device, when on your own device, even with a public WiFi, you shouldn't need to log in as your details are already saved.
I also support changing of passwords every few months, maybe biannually to ensure the safety of their accounts.

[Basikan]

Have dispensable addresses: We regularly want to try out or experiment on certain platforms. Do not use any of you main email accounts, rather use a random one and if possible a random password for it. This prevents you from leaving a pattern which can be used to breach your accounts.

Using a temporary e-mail address service is probably better in terms of flexibility. You don't really have to create an e-mail per se, just need to input the temporary e-mail address that's generated and you can see the inbox asap. Of course, create a new account with your e-mail if you decide to use the platform after you tried it.

During this time many people have talked about the temporary email address service and suggested it to me before, but I don't know about that!.
Where can I get it? what is the site? thanks

[khaled0111]

@Basikan, a temporary email is simply a throwaway email. it gives you a temporary address and you can check your inbox without having to create an accout.
Most tempmail are self-destructed after a short time from their creation. Therefore, don't use it to receive important emails that you may need later.

This service is mostly used to receive the confirmation email when creating an account (throwaway account) on a forum for example.

Here is some websites you can use to create one:
https://10minemail.com/                   (self-destructed after 10 mins by default)
https://www.tempmailaddress.com/   (self-destructed after 60 mins by default)
https://temp-mail.org/en/                 (self-destruct manually)

[BitNoLimit]

I'm using these sites and they providing what i needed at moment.


https://tempmailgen.com                  (No self-destruct by default, Unlimited Temp mail inboxes you can generate. Also, they provide reply/forward option for your
                                                         received temporary emails and they claim they store our received emails to get access to them anytime,anywhere. )

https://10minute-mail.com/               (Temp emails will self-destructed after 24Hours by default)