Protect your online identity with this email security guide

For most people, the email account is the gateway to their online identity: Amazon, Facebook, Twitter - all of these services are linked to it. And, unfortunately, all of these services provide a password reset feature via email.

This poses a severe threat to your entire online identity: Should malicious attackers gain access to your email login, they can request a simple password reset for lots of services, thus taking over your entire online identity.

In this quick guide, we explain how you can keep your email account safe from malicious attackers with three easy steps, whether you are a normal internet user or a prominent target.

Email Security Guide: How to keep your emails safe from hackers?

1. Choose a strong password.
2. Use two-factor authentication (2FA).
3. Choose an email service without password reset via email.

1. Choose a strong password

The most important part of securing your email account is securing your login credentials. For this, you need to choose a strong password. Tutanota is one of the few services that allow passwords of unlimited length. Upon sign-up, Tutanota also checks whether your password is strong enough so that it can't be broken by brute-force attacks.

2. Use two-factor authentication (2FA)

Once you have chosen a strong password, enable 2FA to protect your login to the maximum. Tutanota supports U2F (second factor with a hardware token) and TOTP (second factor with an authenticator app). Tutanota does not support second factors via SMS because these are not considered secure enough.

We strongly recommend using U2F (a hardware token such as Nitrokey / YubiKey) as this is the most secure option.

3. Choose an email service without password reset via email

As already explained, password resets via email are one of the biggest threats to your online security. This reset feature makes it very easy to take over your accounts with a targeted attack, such as a smartly crafted phishing email.

Tutanota does not offer an email reset feature to keep your account secure.

Instead, Tutanota offers a recovery code that enables you - and only you - to reset your Tutanota login credentials in case you lose access to your password or second factor.

To make sure you never lose access to your secure Tutanota mailbox, please write down your recovery code and store it somewhere safe.

1. All data encrypted for maximum email security

Tutanota is the most secure email service because it takes your security into consideration at all ends. Tutanota encrypts your entire mailbox - emails and contacts - automatically on all devices. Wherever you use Tutanota, your private data is always secure.

2. Dedicated desktop apps to guarantee security

Tutanota does not support IMAP/POP3 because emails retrieved via IMAP/POP3 would be stored unencrypted on your device. Instead, Tutanota offers dedicated and open source desktop clients for Windows, Linux and Mac OS. Tutanota also comes with open source apps for Android and iOS. The Tutanota desktop clients and mobile apps work just as easily as Tutanota's secure webmail client, which enables you to access your encrypted mailbox securely wherever you are.

3. End-to-end encrypted emails made easy

Tutanota does not only store all your data encrypted, it is most famous for offering a very easy option to send end-to-end encrypted emails to any email address in the world. This is very important because normal emails can be intercepted and read by third parties as easily as a postcard can be read by others. Whenever your email contains sensitive data that should not be published in the newspapers tomorrow, we recommend encrypting your emails end-to-end.

4. Encrypted search to protect your privacy

Most services handle search on the server because they do not encrypt your data. This is insecure because it requires the data to be accessible to a server that you as the user have no control over. Instead, Tutanota searches your encrypted data locally on your device. This innovative feature stores an encrypted search index on your device, which cannot be accessed by us or by any other third party.

5. DANE support

As a forerunner in email security, Tutanota was one of the first email providers to implement DANE support. DANE (DNS-based Authentication of Named Entities) is an extension to SSL/TLS that makes email services independent of Certificate Authorities.
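How a DANE check takes the place of the CA decision, as an added example (not Tutanota's code): the sending server matches the TLSA record published in DNSSEC-signed DNS (RFC 6698) against what the receiving server presents in the TLS handshake. The function names are hypothetical, the byte strings are constructed stand-ins for DER data, and only usage 3 (DANE-EE) is handled.

```python
import hashlib
import hmac

DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}   # TLSA matching types 1 and 2


def parse_tlsa(rdata: str):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts))


def tlsa_matches(rdata: str, cert_der: bytes, spki_der: bytes) -> bool:
    """Check one DANE-EE TLSA record against the server's own certificate."""
    usage, selector, mtype, data = parse_tlsa(rdata)
    if usage != 3:
        return False              # usage 2 needs chain building, not shown here
    if selector == 0:
        subject = cert_der        # pin covers the whole certificate
    elif selector == 1:
        subject = spki_der        # pin covers only the public key
    else:
        return False
    if mtype == 0:
        candidate = subject       # record carries the full data
    elif mtype in DIGESTS:
        candidate = DIGESTS[mtype](subject).digest()
    else:
        return False
    return hmac.compare_digest(candidate, data)


def dane_verify(rrset, cert_der, spki_der, dnssec_validated: bool) -> bool:
    """Authenticated if any record of a DNSSEC-validated RRset matches."""
    if not dnssec_validated:
        return False              # unsigned TLSA data proves nothing
    return any(tlsa_matches(r, cert_der, spki_der) for r in rrset)


# Constructed stand-ins for DER bytes; not real certificates or keys.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-public-key-der"
OLD_SPKI = b"constructed-previous-key-der"
RRSET = [
    "3 1 1 " + hashlib.sha256(OLD_SPKI).hexdigest(),   # key being rotated out
    "3 1 1 " + hashlib.sha256(SPKI).hexdigest(),       # current key
]

if __name__ == "__main__":
    print("pinned key:", dane_verify(RRSET, CERT, SPKI, True))
    print("other key:", dane_verify(RRSET, CERT, b"constructed-other-key", True))
    print("no DNSSEC:", dane_verify(RRSET, CERT, SPKI, False))
```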

Register your own encrypted mail account now. When switching to Tutanota, you'll find that securing your emails is much easier than expected. Read here why it's time to leave Google and be sure to check our security comparison between GMX and Tutanota.

Besides, with Tutanota you can encrypt literally any email. This comes in very handy if you need to send confidential information to a friend who does not use email encryption (yet).


This Email Security Guide is designed as a tool to keep your secure mailbox safe from malicious attackers. Please comment below if you'd like us to add more information to this guide.