Become a Patron of Ask Leo! and go ad-free!
You can use free email services safely, except that most people don’t. Hi everyone! I’m Leo Notenboom for askleo.com. One of the topics that I’ve talked about a lot over the last 13 years has been the use of free email services. I’m talking about services like Hotmail (when it was still around) or Outlook.com or Gmail or Yahoo’s mail.
Services like that – services that give you an email address and an email inbox and an email interface all for free. Now, I’ve railed against them many times in the past. One of my oldest articles, is in fact about using free email services and technically why you probably don’t want to.
The problem is something that I see every day. I see people coming to Ask Leo!, asking questions, leaving comments or visiting the articles that talk about having lost their accounts. People lose their free email accounts with alarming regularity. It happens all the time.
There are several different variations on the theme; don’t get me wrong. It’s not like everybody’s waking up and suddenly their account is gone, although that happen,s but also we’re finding scenarios particularly with Hotmail these days where simply traveling out of the country can cause you to completely lose access to your email account – at least while you’re gone and possibly, possibly forever.
It’s really, really dangerous to rely so heavily on a free email account. So, why is it so dangerous? Well, number one is actually very simple. There is no customer support. None. None whatsoever. Even if there are support forums where you get an opportunity to interact with other users of the service, one of the things you’ll quickly find is that there is very limited interaction with the people who support or actually represent the service you’re using, if any at all, and most of those are limited to very, what I’ll call “canned responses”. Certainly not a hand holding kind of support that you might really want when you’re in a desperate situation trying to gain access to your email.
The single most important thing you need to remember about free email accounts is that you are completely and totally on your own. There is no support; there is no customer support. Anything that comes close to it, basically, should be seen as something that’s very, very lucky. You’re very, very lucky to get any kind of help with free online email accounts.
And when you think about it, it makes sense. I mean they’re providing a service to you for free. They’re getting some revenue obviously from the advertising and other things they get to do with it, but customer support, good customer support is really, really expensive, and therefore they simply can’t provide it with free email accounts. Instead, they provide knowledge bases and discussion forums and so forth which when you’re in a pinch, when you’ve lost access to your email account are pretty close to being useless. So no customer support.
Number two. Free email accounts have long been targets for hackers. They love to get people’s email accounts, their online free accounts, because they know there’s not going to not be any customer support. Once they’ve hacked a free account, they’ve probably hacked it forever. You’re not going to get it back. They love to do that for a couple of different reasons.
The most interesting one is that by hacking your free email account, they now have access to your address book. Not only can they start sending spam to your address book, an address book full of people that they know are actual, valid email addresses but they can make it look like it comes from you.
I’m sure we’ve all seen occasional emails that look like they came from our friends and actually came from their email address and have something like a single link to “Look at this” and you end up at some kind of malicious or spammy website.
Your friend’s email account has been hacked. Chances are they’re not going to get it back; chances are, you may end up clicking on that link because you think it was from them, and that’s exactly what the spammers want when they hack somebody’s free email account.
It turns out, especially, because of the security measures that have been put into place specifically to make it harder for accounts to be hacked, those same security measures can prevent you from gaining access to your own account if something changes, like your location.
One of the recent (and by recent, I’ll say within the last year or two) common threads that I get from people is people who are traveling overseas, and because they’re traveling overseas, Hotmail, Outlook.com, decides that well, you don’t usually log in from this other country. Therefore, in order to confirm that it’s really you, we’re going to ask of you a couple of additional security questions or we’re going to send a security code to the phone you set up.
The problem, of course is that many of those questions, we don’t remember the answers to, but particularly when we’re using a phone as a second authentication mechanism, this is not two-factor authentication. This is just a second layer of authentication. Those phone often don’t work while we’re overseas. We might not even have them with us. So if Outlook.com decides to text you a code that you need to then present in order to be able to log in, you won’t get the code and there’s no way for you to get the code.
Even alternate email addresses, which is another way of confirming that you are who you are and are in fact entitled to login to that account, can often be thwarted by the same problem. You can’t login to account A so it sends your confirmation notice to account B.
But you can’t login to account B for exactly the same reason, and in fact, in the worst case, it sends the confirmation notice to account A and you’re stuck. You can’t login to either account, so you can’t confirm that you are the right person logging into either account.
It gets very messy, very quickly, and more importantly, really frustrating because there is no solution. You can’t do that. The problem is there is no customer support; nobody’s going to take your phone call; nobody’s going to help you recover access to your account, whether it’s because you’re traveling, or whether it’s because your account has actually, truly been hacked.
Free accounts just don’t come with that kind of safety net. So, what should you do? I did say you can use them safely. Here are the things that most people don’t do, and I really, really, really want you not to be “most people”. First off, and you know this was coming, right? Back up your email and your contacts. Do it regularly. There’s any number of different ways to do it.
My favorite for email is to actually run an IMAP client like Thunderbird or Outlook on your PC. Have it download your email every so often. You don’t have to use for anything else. Just have it configured to download your email from your free online email account. They all support that kind of access these days.
I run Thunderbird once a week. I just let it download all the email from my free online email accounts, and all of a sudden I’ve got all the email. Contacts are a different story. It’s something that still, you have to do manually, and that’s something I actually set up a reminder to do myself once a month.
Second, set up as a much recovery information with the account as you can. That could be ultimate email addresses. That could be mobile numbers to get a text message. It could be a landline to get a voice message. It could be any number of different techniques that the different email providers use to actually be able to authenticate that you are who you say you are if there’s ever any question.
Now, as I pointed out, two things happen here that are causing people a lot of trouble. One is not all of the recovery mechanisms actually work in all situations. For example, when you’re traveling. A very safe thing, a very important thing to do if you travel frequently, you need an alternate email address on a completely different service that you still have access to no matter where you happen to be.
If you use text messaging or phone number kind of verification, make sure that whatever it is you’re using will work when you’re traveling. Most importantly, in fact the single most important thing that people consistently fail to do is keep the recovery information up to date.
I hear frequently from people who have lost access to their account because it’s configured to use a mobile number that they no longer have, or it’s configured to use an email address that they let expire. So make sure that the recovery information is not only set, but that it’s also kept up to date as life changes.
One of the articles that I have, the “One Quick Way to Lose Your Account Forever” is all about losing your account access simply because your account recovery information is incomplete or out of date. Consider two-factor authentication.
Two-factor authentication is different than the second layer of stuff. Two-factor authentication is information that you need to provide consistently whenever you access your email account typically either from a mobile device, from a laptop that you may be traveling with or from a new computer.
You can set it up so you don’t have to actually provide the second layer of information when you’re consistently logging in on a computer that you consider to be safe. What it boils down to is this: I could tell you my Gmail password right now. I’m not going to, but I could and you still would not be able to login to my account because you don’t have my phone.
Now, the phone doesn’t even have to be connected to a network. It could be in airplane mode. In other words, no wireless communications at all. There’s an application that runs on the phone that generates a pseudo-random number that must match what Gmail expects when it asks for that number. That’s all it is. It uses cryptographic magic, as I call it but the important thing is that even knowing my password, you can’t get into my account.
The only way you can get into my account is to do it from a computer where I’ve said you don’t need that second layer of authentication, or you actually have my phone in your hand and can generate the random number when it’s requested. That’s really, really safe. It’s not an excuse for having weak passwords.
You still want that but it’s really, really safe and one of those things that will prevent your account from being hacked and one last thought, Outlook.com, Microsoft accounts allow you to generate what’s called a recovery code. It’s a recovery code that you generate once and you save somewhere.
Use that. Generate your recovery code and save it in a safe place. Particularly if you travel. Particularly if you are going overseas, make sure that you take that recovery code with you, because you may need it to login to your account. Without it or without some other form of secondary authentication, you may not be able to access your account while you’re overseas.
So, use free email accounts but use them safely. Set up recovery information; keep it up-to-date. Use it in a safe way. Don’t fall for phishing scams. Hackers are actively trying to hack into almost every free account that exists today. Understand that there is no customer support. You are on your own when it comes to any problems with your free email account.
And if all of that sounds too much, if that’s not something that you’re willing to tolerate or willing to accept, don’t expect the free email providers to change. They have no incentive to. Like I said, it costs too much to provide the level of support that you and I might want. Instead, if that’s something that you feel needs to change, switch to a different account. Switch to a different account. Use your ISP’s account.
There are other email providers out there that actually do have live support – real support that can help you in a situation where you might need it. So, that’s what I’m suggesting. Use free email accounts but be careful to use them very, very safely. Take those extra steps.
As always, I’d love to hear what you think. This is one of those issues that’s been an issue for as long as I’ve been doing Ask Leo! I’d love to hear if you have additional ideas to help make free email accounts more useful, more secure, less of a risk as people do use them by the millions every day.
As always, here’s the link to this article up on askleo.com. Visit there; leave a comment. Let me know what you think; let me know what you do with your free email account. Until next week, I’m Leo Notenboom for askleo.com and of course remember, stay safe, have fun and don’t forget to back up. Take care, everyone!