Why you should turn two-step verification on today

Published on May 13, 2021

designer hand working and smart phone and laptop on wooden desk in office with london city background-1

If you’ve ever been targeted by a phisher (a cybercriminal who tricks customers into handing over credentials so they can break into accounts for theft or to send spam), you know how frustrating it can be. As phishers become more sophisticated in their techniques, customers are seeing more and more phishing attempts, and, unfortunately, many of them are successful. 

Fortunately, there is something you can, and should, do to protect your Hushmail account. Two-step verification (also called multi-factor authentication) will immediately block a phisher’s plan to break into your account. 

Why two-step verification is so important for your Hushmail account

It can really ruin your day – multiple emails coming to you from clients complaining about the spam they’re receiving from your account. 

When it comes to protecting your Hushmail account against hackers, strong, unique passwords are a good defense. However, phishers get passwords by asking for account information with very authentic-looking emails. It’s easy to get fooled into handing over your password. Here’s an example of a phishing email:

Subject: important Notice

To: undisclosed-recipients:;

Your account is missing billing information and your email service is about to be suspended, update your account information to keep active. Click the secured get started link below to confirm.

Note that you will not be billed if you have already paid but it is important you update your account with the requested information.

Get Started

secure/hushmail.com

Kind regards,

Copyright © 1999-2021 Hush Communications Canada Inc.

You might think you’re too smart to get caught in a phishing scam, but it happens all the time. The good news is if you have two-step verification turned on, even if a phisher manages to get your password, there’s a good chance they won’t be able to use it to access your account because two-step verification stops them short.

How Hushmail’s two-step verification works

When signing in to your Hushmail account from a computer or device our servers don’t recognize, two-step verification requires you to verify your identity using two different methods. One is your strong, unique password. The other is a separate security code that's sent to a second device via text message, another email account, or generated by an app on your device such as Duo Mobile.

Once you enter the code, the device or computer will be “trusted," and further security codes will not be necessary to access your account for a year.

When two-step verification is on, no one can use your password to hack into your account because they will be unable to verify their device. They won’t be able to get the code!

What’s the best two-step verification method?

All two-step verification methods are better than nothing. However, keep in mind that some offer greater security than others. 

Using a verification app like Duo Mobile or Google Authenticator tends to be more secure than other methods because the verification code is generated in the app itself based on the time and a key that’s stored in the app. 

Using a separate email account to receive the verification code is secure as long as you’re diligent about using strong, unique passwords for your accounts.

Receiving the code through text message is still better than nothing but be aware that SMS is not impervious to hackers. As stated in this Cnet article, “[h]ackers have been able to trick carriers into porting a phone number to a new device in a move called a SIM swap."

How to set up two-step verification

  1. Sign in to your Hushmail account
  2. Go to the Preferences page by clicking the link in the upper right corner
  3. Select the Security tab
  4. To get started, click on the pencil icon to turn it on
  5. Follow the on-screen instructions
  6. For more detailed instructions, read our help article 

If you’re adding your account to a desktop or mobile mail program with our two-step verification feature enabled, you'll need to enter some additional information into the Password field in the mail program. You can read about how to do this in our help article

Or contact Customer Success and we’ll be happy to help. 

Looking for a secure email and web form service with two-step verification?

Sign up for Hushmail for Healthcare

Two-step verification (also called multi-factor authentication) will immediately block a phisher’s plan to break into your account. Using a verification app like Duo Mobile or Google Authenticator tends to be more secure than other methods because the verification code is generated in the app itself based on the time and a key that’s stored in the app. Using a separate email account to receive the verification code is secure as long as you’re diligent about using strong, unique passwords for your accounts. Receiving the code through text message is still better than nothing but be aware that SMS is not impervious to hackers.

Related posts: 

Subscribe to our newsletter

Enter your email address in the box below to receive regular updates.