Hushmail is known for providing multiple layers of security, including OpenPGP encryption and a secure SSL/TLS connection, but that’s not the only way to protect sensitive information.
In today’s post, we’re going over some extra security features we provide, such as two-step verification, and precautions you can take, such as using a password manager, that will ensure your emails and web forms are as secure as possible.
1. Two-step verification
Two-step verification works like this: when signing in to your Hushmail account from a computer or device our servers don’t recognize, you’re required to verify your identity using two different methods.
The first method is with your password, which is hopefully a strong one created by a password manager (see below).
The second method is to verify with a separate security code that's sent to a second device via text message, another email account, or an app such as Duo Mobile or Google Authenticator. These options are given to you when you set up two-step verification in your Hushmail Preferences.
Once you enter the code, the device or computer will be “trusted," and further security codes will not be necessary to access your account for one year or until you clear the cookies on your device’s web browser, whichever comes first.
Why use two-step verification?
With two-step verification, even if someone were to figure out your password, they would not be able to break into your account, unless they also have access to your second device or email account.
Who should use two-step verification?
Anyone who wants an extra level of security.
How to set up two-step verification
- Sign in to your Hushmail account
- Go to the Preferences page by clicking the link in the upper right corner
- Select the Security tab
- To get started, click on the pencil icon to turn it on
- Follow the on-screen instructions
2. Optional security question
When you compose an encrypted email to send for the first time to a new client, you’re prompted to include a security question. Including a security question is optional, and you get to create the question. The question only appears when the first email is sent. Once your client has set up their password and answered the question, they are ready to receive and respond to future messages in the Hushmail secure message center.
Why use a security question?
The question will help verify your recipient’s identity and ensure you’re using the correct address. This is a valuable security measure if your messages contain sensitive information.
Who should use a security question?
If you expect to send and receive protected health information (PHI) from a client, and you’re emailing them for the first time, you might want to use a security question.
How to set up a security question
- Compose an email in webmail or the Hushmail iPhone app as you normally would
- When it comes time to send, be sure to enable the Encryption switch; you’ll then be prompted to add a security question, if you choose
- Come up with a question only your recipient knows the answer to; avoid easy questions with obvious answers, such as “what is your last name?”
3. Encryption keyword to use in third-party email apps
If you sync your Hushmail account with a third-party email app such as Outlook or Mail, your emails are sent without encryption when you send through that application. However, there’s a way to force encryption by placing a special keyword in the email subject line, allowing you to benefit from Hushmail’s security while using your favorite app.
Why use an encryption keyword?
Using Hushmail with Outlook or Mail can be very convenient, but unless you set up an encryption keyword (or ask Customer Care to force encryption on all of your Hushmail emails), you won’t be fully using the security benefits of your Hushmail account.
Who should use an encryption keyword?
Anyone who prefers to use a third-party email application but still needs the option to encrypt.
How to set up an encryption keyword
Contact Customer Care. One of our specialists can configure the settings so you can force encryption with a keyword in the email’s subject line. For example, they could set up “[encrypt]” as your keyword. Then, when you type “[encrypt]” in a subject line, that email will be encrypted. (E.g., “Session feedback - [encrypt]”)
4. Password manager generated password
Most web browsers, such as Chrome, Firefox, and Safari, provide a password manager that will generate a unique password and automatically fill it in when you return to a website. The browser password manager is popular with many users because it’s built in, and most are already set up by default.
Another option is a third-party password manager. These operate mostly the same way browser managers do by generating a password, asking if you want to remember it, and then filling the password in for you later. Some also give you extra convenience in features such as group password sharing and personalized security alerts.
Why use a password manager?
One of the easiest and most reliable ways to protect your account is to always use a strong, unique password that you keep track of in a secure and reliable way. Password managers make this easy.
Who should use a password manager?
Anyone who wants to ensure they are using strong, unique passwords that are backed up by a reliable system.
How to set up a password manager
The main thing you need to do is decide on one first. You can either use the password manager included with your web browser or a third-party password manager. This recent article from PCMag, The Best Password Managers of 2020, will help you get an idea of the most popular third-party apps and their features. Setup will vary depending on the manager you choose.
Don’t have a Hushmail account?
OpenPGP encryption and a secure SSL/TLS connection aren’t the only ways to protect sensitive information. We’re going over some extra security features Hushmail provides, such as two-step verification, and precautions you can take, such as using a password manager, that will ensure your emails and web forms are as secure as possible.