Hushmail is known for providing multiple layers of security, including OpenPGP encryption and a secure SSL/TLS connection, but that’s not the only way to protect sensitive information.
In today’s post, we’re going over some extra security features we provide, such as two-step verification, and precautions you can take, such as using a password manager, that will ensure your emails and web forms are as secure as possible.
Two-step verification works like this: when signing in to your Hushmail account from a computer or device our servers don’t recognize, you’re required to verify your identity using two different methods.
The first method is with your password, which is hopefully a strong one created by a password manager (see below).
The second method is to verify with a separate security code that's sent to a second device via text message, another email account, or an app such as Duo Mobile or Google Authenticator. These options are given to you when you set up two-step verification in your Hushmail Preferences.
Once you enter the code, the device or computer will be “trusted," and further security codes will not be necessary to access your account for one year or until you clear the cookies on your device’s web browser, whichever comes first.
With two-step verification, even if someone were to figure out your password, they would not be able to break into your account, unless they also have access to your second device or email account.
Anyone who wants an extra level of security.
When you compose an encrypted email to send for the first time to a new client, you’re prompted to include a security question. Including a security question is optional, and you get to create the question. The question only appears when the first email is sent. Once your client has set up their password and answered the question, they are ready to receive and respond to future messages in the Hushmail secure message center.
The question will help verify your recipient’s identity and ensure you’re using the correct address. This is a valuable security measure if your messages contain sensitive information.
If you expect to send and receive protected health information (PHI) from a client, and you’re emailing them for the first time, you might want to use a security question.
If you sync your Hushmail account with a third-party email app such as Outlook or Mail, your emails are sent without encryption when you send through that application. However, there’s a way to force encryption by placing a special keyword in the email subject line, allowing you to benefit from Hushmail’s security while using your favorite app.
Using Hushmail with Outlook or Mail can be very convenient, but unless you set up an encryption keyword (or ask Customer Care to force encryption on all of your Hushmail emails), you won’t be fully using the security benefits of your Hushmail account.
Anyone who prefers to use a third-party email application but still needs the option to encrypt.
Contact Customer Care. One of our specialists can configure the settings so you can force encryption with a keyword in the email’s subject line. For example, they could set up “[encrypt]” as your keyword. Then, when you type “[encrypt]” in a subject line, that email will be encrypted. (E.g., “Session feedback - [encrypt]”)
Most web browsers, such as Chrome, Firefox, and Safari, provide a password manager that will generate a unique password and automatically fill it in when you return to a website. The browser password manager is popular with many users because it’s built in, and most are already set up by default.
Another option is a third-party password manager. These operate mostly the same way browser managers do by generating a password, asking if you want to remember it, and then filling the password in for you later. Some also give you extra convenience in features such as group password sharing and personalized security alerts.
One of the easiest and most reliable ways to protect your account is to always use a strong, unique password that you keep track of in a secure and reliable way. Password managers make this easy.
Anyone who wants to ensure they are using strong, unique passwords that are backed up by a reliable system.
The main thing you need to do is decide on one first. You can either use the password manager included with your web browser or a third-party password manager. This recent article from PCMag, The Best Password Managers of 2020, will help you get an idea of the most popular third-party apps and their features. Setup will vary depending on the manager you choose.
OpenPGP encryption and a secure SSL/TLS connection aren’t the only ways to protect sensitive information. We’re going over some extra security features Hushmail provides, such as two-step verification, and precautions you can take, such as using a password manager, that will ensure your emails and web forms are as secure as possible. Related posts: |