Add extra security with a strong passphrase and two-step verification

Published on October 24, 2019

TwoStepVerificationHushmail is known for encrypted email and web forms that help ensure your private conversations remain confidential. 

But our security measures go beyond encryption. There are a couple of other things you can do with your Hushmail account to bolster your cybersecurity even more. 

Today we’re going to talk about your Hushmail passphrase and two-step verification (also called two-factor authentication) - important security measures that provide added protection to keep your most sensitive information safe. 

Use a strong passphrase (or password) generated by a password manager

For extra security, we don’t enable passphrase recovery or reset (unless you have a Hushmail business account and set up recovery ahead of time as we discuss later in the post). 

Why don’t we use security questions to recall your passphrase? Because security questions are very easy for someone to figure out with a little research. With so much of our information online, it’s not difficult to find your mother’s maiden name or where you went to high school. 

Other common methods of password reset and recovery, such as text messaging or links to backup accounts that allow resets, are also easy for hackers to circumvent. 

That’s why we decided to preserve security and not allow passphrase recovery or resets for most accounts. 

When you set up your Hushmail account, you must have a way to remember or save your passphrase. Here are a few suggestions:

  • Find a good password manager. Come up with a strong passphrase you can remember to log in to the manager. Then, use the manager to generate a strong password for your Hushmail account. If you need help finding a manager you feel comfortable with, read our post about how to find a good password manager.

  • If you’re not using a password created by a password manager, come up with a passphrase that’s between three and five words. Passphrases can be easier to remember than passwords, but they must be entered accurately, so leave out extraneous words. For example, “flying lost basketball” is a better passphrase than “the flying basketball is lost.”

  • Be sure to note if you capitalize the first letter or not.

  • NEVER reuse a passphrase or password. 

Passphrase recovery for Hushmail business accounts

Passphrase recovery is only available for Hushmail business account customers who have users under their own domain and who elect to enable passphrase recovery. If a passphrase is forgotten or misplaced, the administrator of the account can reset the passphrase for the user.

However, keep in mind that passphrase recovery must be enabled before user accounts are created. 

Add another layer of security with two-step verification

A strong passphrase is the first step toward greater security. The next step is to add two-step verification. More and more services are offering this security measure. The added protection is well worth it, and once you become used to two-step verification, the extra step is barely noticeable.  

How two-step verification works

The concept of two-step verification is simple. When signing in to your account from a computer or device that we don’t recognize, you’re required to verify your identity in two different ways. The first way is with your passphrase. The second way is to verify with a security code that's sent to a second device, such as your phone, or another email account. 

You can also choose to receive the code through a smartphone app such as Duo Mobile or Google Authenticator. These options will be given to you when you set up two-step verification. Once you enter the code, the device or computer will be “trusted," and further security codes will not be necessary to access your account.

Try two-step verification for greater peace of mind

Setup is simple:

  1. Sign in to your Hushmail account
  2. Go to the Preferences page by clicking the link in the upper right corner
  3. Select the Security tab
  4. To get started, click on the pencil icon to turn it on
  5. Follow the on-screen instructions

No worries. There’s a backup code.

There might be a time when you don't have your phone and can’t access your code. There’s no need to worry. We provide you with a backup verification code when you set up two-step verification. Be sure to write this code down or take a screen capture and keep it in a safe place.

If you are unable to access the security code and have lost the backup code, you can always go back into your account through a trusted device and find the backup code under the Security tab within the Preferences page.

Hushmail’s top priority will always be your security

At Hushmail, we feel that coming up with a strong passphrase or entering an extra code is a small price to pay for greater security. One of the best things you can do is to use a password manager to generate a strong passphrase or password. Then, layer on some extra protection with two-step verification. 

With these two extra security measures in place, you can relax, knowing your communications through Hushmail email and web forms are as secure as possible.

Don't have a Hushmail account?

Try Hushmail for Healthcare risk-free for 60 days

Hushmail offers more than encryption for security. Strong passphrases and two-step verification (also called two factor authentication) are security measures that provide added protection to keep your most sensitive information safe.

Related posts:

Subscribe to our newsletter

...and we’ll send 6 tips to make sure your emails are truly HIPAA compliant straight to your inbox.