Email -- Your Weak Link

Preview:

Email is your weak link. If hackers crack your email password, they can wreak havoc with your life. Here's how to protect your email account with both desktop and mobile devices.

If you lose control of your email, you are in DEEP trouble. If someone manages to break your email password, and gain access to your email account, then they can get just about anything. What can they do?

They can see from your emails what your bank and other online accounts are.
They can change your email password locking you out of your account.
They can go to your accounts and click the "I forgot my password," link. Then, the site will send them an email with a reset my password link. Then, they are in the account and you are locked out.
Even if you have 2FA (2-factor authentication) enabled and not going to your email address, they can often get a password reset sent to your email address. Of course, if the 2nd factor is your email address, then you have no extra security at all.

One would imagine that if so much hinges on the security of this one password, everyone would be careful to make sure it is really strong. Mine is 32 characters, using all four character types and is completely random. But that isn't possible for Gmail. Your Google password is going to be used for a new phone or tablet, which means you'll need to type it in with a small limited keyboard. So, what to do?

Possible Approaches

Most insane: Just don't worry about it. Sign in with a short easy to type and remember password, then use your browser to check your mail.

A whiff of sanity: Make a pretty good password and let your browser handle it and log you in. This way you can check your email in one tab while you do your other Internet work in other tabs. The problems here are that:

Browsers generally don't store passwords very well.
A nefarious extension could record your passwords
A security flaw could allow sites in another tab to monitor your email.
Browser passwords don't work for programs running on your computer.

OKAY: Use an excellent password managed by your password safe to log in to webmail from your browser.

Recommended: Use a dedicated email application, separate from your browser, to handle your email. Of course, use strong random passwords saved in your password manager. Separating your email from your browser is a good safety measure.

Best: Same as recommended but adding password protection to access your email app or taking other measures to protect it. Of course, your password manager will log you into your email app so you don't even need to know that password.

Good Solutions

Apple Mail seems fine for Apple computers.

For Windows computers here are three good options.

Thunderbird: Thunderbird is an excellent program with millions of users and a long pedigree. In addition to email, it also has contact management, calendars that can sync with Google calendar and Apple calendar and most other online calendars. This way your tasks and contacts and calendars are connected between your mobile and desktop applications. This is what I normally recommend to clients.

Outlook: If you are embedded in the Microsoft world, Outlook is a perfectly acceptable email app with contact, calendar and task support.

Essential Pim: This is what I use. Unlike Thunderbird or Outlook, it isn't an email program which does tasks and calendar functions as an add-on. It is a full-blown information manager for notes, calendar, contacts and tasks that handles email just fine. It offers its own Android and iOS apps. You can synchronize between the desktop and their mobile apps. There is

A free version
A version you can use forever, but with one year of free upgrades. $39.95
A business pro version allowing multi-user access to a shared database. $59.95
Lifetime upgrades to new versions for $40 more. That's what I have.

What about mobile?

Yes, you'll also need an app for your mobile devices. For iOS, the Apple mail is fine. They are very good on security. For Android, I have a few options. I was surprised when I discovered how much things had changed in the last decade.

Four Big Issues for Android Email Apps

Where are my emails? Many mobile apps download your messages to their servers and then sync with your actual email provider. This lacks both security and privacy. Who knows what they do with your emails and they have all your passwords. Furthermore, they charge a subscription fee, often about $60/year. Overall, I can't recommend any of these. They often claim to be free for some limited or ad-supported app, then try to sell you their full mail service. There is no reason for your email passwords to be stored by other services in the cloud. Keep them on your own computer.
It's free with ads. I can't recommend these either. No one controls the ads which could not only give you a worse experience, but also contain malware or spy tools that sell your information.
If they don't charge and don't advertise, they are likely selling your information. You become the product. This is not true for open source projects like Thunderbird, which have corporate support and solicit donations.
Do you need a simple email app or much more? Often people want their email app on mobile to sync with their contacts, tasks and calendar from their desktop.

I reviewed and discarded a lot of possible mobile apps and am left with these that seem reasonable.

Google Mail: Google's email app comes with Android. It is perfectly fine as long as you have no desire for any privacy. I'd never use it, but it works reasonably well, and you are probably already logged in to Gmail because you're already using your Android device, so you shouldn't need to enter a password for your Gmail account. It has a 4.2 rating at the Google store and can be used for other services, not just Gmail.

Fair Email:

The tablet version has a 4.8 rating on Google Play. The phone version has a 4.6 rating. This is a very nice clean open source email program with a pinpoint focus on security. I think it is the most secure email program for normal email. They reformat messages to help prevent phishing. You must confirm to show images. They pop up an "Are you sure?" message if a link is attempted to open. This prevents many hidden trackers sending messages from your email.

They also have a checkbox to turn off the check for that website. There are many more options.

They support all open standards, so Microsoft Exchange is not supported. If you don't need MS Exchange, this is a very good option. Particularly if most of your work is done on your computer and the mobile device is ancillary.

You can use the program for free, but some features are added with the $6.49 one-time purchase. If you use this, then buy it to support the author.

I set up a couple of accounts and checked mail with them in just a few minutes. They were able to figure out all the server settings correctly. It took me another 15 minutes or so to get comfortable with it. It did take a little longer to make my signature. It offers link creation and image insert, but not a WYSIWYG html editor for your signature. It does offer a normal html editor.

Bluemail-calendar
A 4.4 rating on Google play. They are good on privacy and have a free version which sets up easily. They'll try and sell you their $60/year service with AI and more themes but that's not what I'm recommending. The free version is very nice and a little simpler than FairEmail with a company rather than just a person behind it. It adds a calendar function. Though not as good on security and privacy as Fair Email, they are good enough.

I set up a couple of accounts in just a few minutes and it was able to determine all the appropriate account settings. In another 10 minutes, I was comfortable with it and was able to make a nice signature file with their WYSIWYG html editor. If you need MS Exchange support, this is an excellent option and a good option even if you don't.

Nine: This is a program to consider if you live mobile instead of desktop. It is privacy oriented and won't store your information in the cloud. They get a 4.0 rating on Google Play and have a 2-week free trial. They offer email, calendar, contacts, tasks and notes for Android and iOS. There is no desktop version.

Outlook: If you use Microsoft 365 you should consider this. It should be okay.

Date: October 2023

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Email -- Your Weak Link Preview: Email is your weak link. If hackers crack your email password, they can wreak havoc with your life. Here's how to protect your email account with both desktop and mobile devices. If you lose control of your email, you are in DEEP trouble. If someone manages to break your email password, and gain access to your email account, then they can get just about anything. What can they do? They can see from your emails what your bank and other online accounts are. They can change your email password locking you out of your account. They can go to your accounts and click the "I forgot my password," link. Then, the site will send them an email with a reset my password link. Then, they are in the account and you are locked out. Even if you have 2FA (2-factor authentication) enabled and not going to your email address, they can often get a password reset sent to your email address. Of course, if the 2nd factor is your email address, then you have no extra security at all. One would imagine that if so much hinges on the security of this one password, everyone would be careful to make sure it is really strong. Mine is 32 characters, using all four character types and is completely random. But that isn't possible for Gmail. Your Google password is going to be used for a new phone or tablet, which means you'll need to type it in with a small limited keyboard. So, what to do? Possible Approaches Most insane: Just don't worry about it. Sign in with a short easy to type and remember password, then use your browser to check your mail. A whiff of sanity: Make a pretty good password and let your browser handle it and log you in. This way you can check your email in one tab while you do your other Internet work in other tabs. The problems here are that: Browsers generally don't store passwords very well. A nefarious extension could record your passwords A security flaw could allow sites in another tab to monitor your email. Browser passwords don't work for programs running on your computer. OKAY: Use an excellent password managed by your password safe to log in to webmail from your browser. Recommended: Use a dedicated email application, separate from your browser, to handle your email. Of course, use strong random passwords saved in your password manager. Separating your email from your browser is a good safety measure. Best: Same as recommended but adding password protection to access your email app or taking other measures to protect it. Of course, your password manager will log you into your email app so you don't even need to know that password. Good Solutions Apple Mail seems fine for Apple computers. For Windows computers here are three good options. Thunderbird: Thunderbird is an excellent program with millions of users and a long pedigree. In addition to email, it also has contact management, calendars that can sync with Google calendar and Apple calendar and most other online calendars. This way your tasks and contacts and calendars are connected between your mobile and desktop applications. This is what I normally recommend to clients. Outlook: If you are embedded in the Microsoft world, Outlook is a perfectly acceptable email app with contact, calendar and task support. Essential Pim: This is what I use. Unlike Thunderbird or Outlook, it isn't an email program which does tasks and calendar functions as an add-on. It is a full-blown information manager for notes, calendar, contacts and tasks that handles email just fine. It offers its own Android and iOS apps. You can synchronize between the desktop and their mobile apps. There is A free version A version you can use forever, but with one year of free upgrades. $39.95 A business pro version allowing multi-user access to a shared database. $59.95 Lifetime upgrades to new versions for $40 more. That's what I have. What about mobile? Yes, you'll also need an app for your mobile devices. For iOS, the Apple mail is fine. They are very good on security. For Android, I have a few options. I was surprised when I discovered how much things had changed in the last decade. Four Big Issues for Android Email Apps Where are my emails? Many mobile apps download your messages to their servers and then sync with your actual email provider. This lacks both security and privacy. Who knows what they do with your emails and they have all your passwords. Furthermore, they charge a subscription fee, often about $60/year. Overall, I can't recommend any of these. They often claim to be free for some limited or ad-supported app, then try to sell you their full mail service. There is no reason for your email passwords to be stored by other services in the cloud. Keep them on your own computer. It's free with ads. I can't recommend these either. No one controls the ads which could not only give you a worse experience, but also contain malware or spy tools that sell your information. If they don't charge and don't advertise, they are likely selling your information. You become the product. This is not true for open source projects like Thunderbird, which have corporate support and solicit donations. Do you need a simple email app or much more? Often people want their email app on mobile to sync with their contacts, tasks and calendar from their desktop. I reviewed and discarded a lot of possible mobile apps and am left with these that seem reasonable. Google Mail: Google's email app comes with Android. It is perfectly fine as long as you have no desire for any privacy. I'd never use it, but it works reasonably well, and you are probably already logged in to Gmail because you're already using your Android device, so you shouldn't need to enter a password for your Gmail account. It has a 4.2 rating at the Google store and can be used for other services, not just Gmail. Fair Email: The tablet version has a 4.8 rating on Google Play. The phone version has a 4.6 rating. This is a very nice clean open source email program with a pinpoint focus on security. I think it is the most secure email program for normal email. They reformat messages to help prevent phishing. You must confirm to show images. They pop up an "Are you sure?" message if a link is attempted to open. This prevents many hidden trackers sending messages from your email. They also have a checkbox to turn off the check for that website. There are many more options. They support all open standards, so Microsoft Exchange is not supported. If you don't need MS Exchange, this is a very good option. Particularly if most of your work is done on your computer and the mobile device is ancillary. You can use the program for free, but some features are added with the $6.49 one-time purchase. If you use this, then buy it to support the author. I set up a couple of accounts and checked mail with them in just a few minutes. They were able to figure out all the server settings correctly. It took me another 15 minutes or so to get comfortable with it. It did take a little longer to make my signature. It offers link creation and image insert, but not a WYSIWYG html editor for your signature. It does offer a normal html editor. Bluemail-calendar A 4.4 rating on Google play. They are good on privacy and have a free version which sets up easily. They'll try and sell you their $60/year service with AI and more themes but that's not what I'm recommending. The free version is very nice and a little simpler than FairEmail with a company rather than just a person behind it. It adds a calendar function. Though not as good on security and privacy as Fair Email, they are good enough. I set up a couple of accounts in just a few minutes and it was able to determine all the appropriate account settings. In another 10 minutes, I was comfortable with it and was able to make a nice signature file with their WYSIWYG html editor. If you need MS Exchange support, this is an excellent option and a good option even if you don't. Nine: This is a program to consider if you live mobile instead of desktop. It is privacy oriented and won't store your information in the cloud. They get a 4.0 rating on Google Play and have a 2-week free trial. They offer email, calendar, contacts, tasks and notes for Android and iOS. There is no desktop version. Outlook: If you use Microsoft 365 you should consider this. It should be okay. Date: October 2023 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk