Top 10 Password Best Practices That Will Help Keep Your Email and Other Accounts Secure

Ah, the password. Probably the only thing we have to protect our accounts and yet we put so little into creating one that will actually do its job.

In this article, we’ll give you 10 password best practices that will help keep your email (and other online accounts) secure, so let’s dig in straight away.

Before we start, remember that a strong password is not the only email security best practice you should employ to keep your email safe.

  1. Stop Reusing Passwords

Reusing passwords is probably the biggest offender when it comes to account security, and despite multiple studies and reports showing what a bad habit this is, people still do it.

For instance, according to Finance Online, 44% of workers reuse their passwords across personal and work accounts.

Would you use the same key for your house, car and any other lock? Of course you wouldn’t, even though it’s a hassle to carry a bunch of keys in your pocket, just like it’s a hassle to remember a bunch of passwords.

So stop reusing your passwords as well.

  2. Stop Using Personal Information in Passwords

According to the United States of P@ssw0rd$ report published by Google and Harris Poll in October 2019, 59% of US adults use a piece of personal information like a name or birthday in their passwords.

This, of course, is another bad habit people have when it comes to passwords and one you should ditch immediately if you’re doing it.

Your children’s names, your partner’s or spouse’s name, or your pet’s name are things that people love to share, because they naturally love the people and animals behind them. The caveat to sharing such information on social media is that someone with less honest intentions might see it.

For instance, if someone wants to guess your email password and they see that you post a lot of photos of your children, they might come to the conclusion that your children mean so much to you that you might even use their name in a password.

  3. Avoid Using Common Words and Passwords

You’ve probably heard this time and again, but it bears repeating.

Stop using common passwords like “12345678”, “qwertyuiop”, or “password”!

According to NordPass Top 200 Most Common Passwords, it takes less than 1 second to crack each of these passwords.

That’s even easier than just telling them the password!

And those are not the only common types of passwords people love to use.

Are you a fan of a sports team like Liverpool and thinking of using their name as a password? Around 500 million had the same idea, according to Cybernews.

Or, is your name Alex and you think that it would be a perfect password? So do 7+ billion other password users.

Look, the only way passwords like these can protect your account is if the hacker is absolutely sure there is no way in hell you would be so dumb as to use them, so don’t be.

  4. Use Every Type of Character at Your Disposal

When you’re writing something, you don’t just use lowercase letters, for instance, do you? No, you use lowercase letters, uppercase letters, special characters to punctuate things and numbers when needed.

So why are you using just one of those in your passwords? Because it’s more convenient? So is using only one when writing and still you wouldn’t think of doing this.

Your passwords should ideally use all of these (capital letters, small letters, numbers and special characters).

For example, if you’re so keen on using the word “password” as an actual password (we still don’t recommend this), you might mix it up a bit and use something like “P4$$w0rd” instead, which would be at least a little harder to crack.

  5. Don’t be Predictable

One extremely predictable thing people do when creating passwords is to simply attach a number or a sequence of numbers at the end of the same password.

So, for instance, you might get something like “password1”, “password2”, “password3” and so on.

Hey, they haven’t reused the password, but they might as well have.

But let’s say they followed the advice to use every type of character in their password. That’s great. Except that in most cases, it will look something like this: “Password#1”.

I mean, look, everything is there. There’s the capital letter “P”, some lowercase letters, a special character “#” and a number “1”. So what’s the problem?

Well, the problem is that most people write this way and it’s highly predictable. That’s not something you want when it comes to passwords at all.

Instead, you want to mix it up a little and maybe make a password look more like this: “p4$$W0rδ”.

  6. Use Longer (but Not too Long) Passwords

Most websites have certain requirements when it comes to password length and won’t allow you to use extremely short, 4-5 character passwords, for instance.

The minimum accepted password length for most websites is 8 characters long, but even this is often not sufficient to protect your account from a determined password cracker.

According to LMG Security penetration testers, any 8-character password can be cracked in less than 8 hours. And that goes for passwords that properly use uppercase, lowercase, symbols and numbers as well.

Now, add just two characters and it now takes 8 years to crack such a password. Two more and it’s 77,000 years and so on.

So, what’s the logical conclusion here?

That the longer the password, the more time it takes to crack it, right?

But there’s a disadvantage to this that you need to consider.

Long passwords are more difficult for hackers to crack, but they’re also more difficult for the user to remember.

So, while a 30-character password, for example, might take I don’t know how many quadrillion years to crack, it will be useless to you if you forget it, so keep your passwords at an optimal length of 12-16 characters.

  7. Don’t Share Your Password

Sharing is wonderful. We should all be sharing more with others.

But the one thing that you shouldn’t be sharing is your password.

And still, that’s something that 43% of Americans do according to the Google/Harris Poll report.

“But I’ve only shared my password with my significant other”, I hear you say. Yes, but would you remember to change the password if you two break up? Because only 11% of those who shared a password with a significant other remembered to do that.

Share a bottle of wine, a nice chocolate cake, or just your time with them, but maybe not your email password, or at least remember to change it if things don’t work out between you two.

  8. Update Your Passwords (but Only if They are Compromised)

I just gave you one reason to change your password. If you previously shared a password with someone and you are no longer on good terms with them, they might use it to take revenge or simply share it with someone else without caring.

Of course, this isn’t the only reason to update your passwords periodically.

Give a hacker enough time and resources and they will eventually crack that password you made 5 years ago.

So, how often should this be?

Well, for a long time, the common advice you’d get would be to change the password every 1-3 months. However, that’s actually counterproductive for your account security.

Why? Well, if you frequently change passwords, there’s also less chance for you to remember them and that might mean that you’ll use weaker passwords.

The NIST (National Institute of Standards and Technology) discourages frequently changing passwords in their recommendations.

Instead, they recommend doing it only if the password might be compromised, saying:

“When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.”

One way to know if your email or other accounts have been in a data breach is to check Have I Been Pwned. Simply enter your email and it will tell you if it’s been in any data breaches. If it was, then change the password.
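The NIST check quoted above, combined with the earlier advice on common and predictable passwords, can be sketched as follows. This is an added example, not code from this article or from NIST: a verifier-side screen that rejects a new password if it is too short, commonly used, expected from the user's own details, or present in a breach list. The word lists, the substitution table and the function names are assumptions constructed for illustration.

```python
import hashlib
import re

# Constructed sample lists; a real verifier would load far larger ones.
COMMON = {"password", "12345678", "qwertyuiop", "liverpool", "alex"}
# Constructed "breach list", kept as SHA-256 digests rather than plaintext.
BREACHED = {
    hashlib.sha256(p.encode()).hexdigest()
    for p in ("Summer2019!", "letmein", "P4$$w0rd")
}
# Look-alike substitutions people use to disguise a dictionary word.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 12  # lower end of the 12-16 range recommended in the article


def base_word(password: str) -> str:
    """Reduce a password to the word it was probably built from."""
    word = password.lower()
    # Drop a trailing counter or symbol run: "password#1" -> "password".
    word = re.sub(r"[\d\W_]+$", "", word) or word
    # Undo look-alike substitutions: "p4$$w0rd" -> "password".
    return word.translate(LEET)


def screen(password: str, user_context: list[str]) -> list[str]:
    """Return the reasons to reject `password`; an empty list means accept."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    # Compare both the literal form and the de-obfuscated base word.
    forms = {password.lower(), base_word(password)}
    if forms & COMMON:
        reasons.append("commonly used")
    # "Expected" values: names, birthdays, usernames tied to this user.
    expected = [c.lower() for c in user_context if len(c) >= 3]
    if any(tok in form for tok in expected for form in forms):
        reasons.append("expected from user details")
    if hashlib.sha256(password.encode()).hexdigest() in BREACHED:
        reasons.append("found in breach list")
    return reasons


if __name__ == "__main__":
    # Constructed candidates, including the article's own examples.
    for candidate, context in [
        ("Password#1", []),
        ("P4$$w0rd", ["alex"]),
        ("Bella2015Bella!", ["Bella", "2015"]),
        ("vK7#tram-Oxlip", ["alex"]),
    ]:
        print(candidate, "->", screen(candidate, context) or "accepted")
```

Because the screen normalises the candidate before comparing, the mixed-character and trailing-number variants from practices 4 and 5 are still recognised as the common word they are built on.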

  9. Use 2FA (Two-Factor Authentication)

Regardless of how strong and unique a password is, there are always ways it can get into the wrong hands. And if it’s the only protection on your email or another account, it’s just not sufficient.

Simply put, relying solely on passwords won’t do the job.

Instead, you should add another layer of protection in the form of a verification method known as “two-factor authentication” or 2FA.

This can be a PIN, token, SMS message, biometric scan or something else that only you would either possess or know. By adding this on top of your username/password, you will greatly increase your account security even in situations where the password is compromised.

  10. Use a Password Manager to Store Your Passwords

Having trouble remembering your 50+ passwords (it’s not a joke, the average user does indeed have 100 passwords according to one study done by NordPass in 2019)?

That’s okay, you can just write them all in a notepad file labeled “Passwords” and keep everything nicely organized.

Or you can allow your browser to remember the passwords for you.

Wrong on both of these.

Look, I have trouble remembering 5 passwords, let alone 50 or 100 and I keep forgetting passwords all the time just like you, but the last thing you should be doing is to keep your passwords on an unsecured notepad file or written on a piece of paper or letting your browser remember them.

One study conducted by OnePoll revealed that 65% of people will forget a password unless they write it down somewhere.

Another interesting study, led by Rutgers University and Aalto University, published in August, 2018, went into the psychological reasons why people forget their passwords.

The study proposes that:

“Human memory naturally adapts according to an estimate of how often a password will be needed, such that often used, important passwords are less likely to be forgotten.”

If this is you (and I bet you are), there’s a better way to store your passwords and it’s called a password manager.

Conclusion

The idea of a word or a phrase that you would use to access something is as old as human history itself.

Back in the days of ancient Rome, different units had their unique “watchwords” that proved you were their member.

In the 1920s, during Prohibition, the only way to enter a “speakeasy” and get a glass of “The Bees’ Knees” was to know a particular password or you’d get the “don’t know what you’re talking about, see” from the pinstripe suit-wearing guy at the door.

The first digital password was made in 1961 by Fernando Corbato, a computer science professor at MIT at the time, who devised it as a way to give students access to a private terminal on the time-sharing computer he had built.

Of course, it was a lot easier for the Roman legionarius, the 1920s guy who wanted to show his “gal” a good time, or the 1961 MIT student. They only had that one password to remember, while we today have dozens.

But it’s much more important for us today to keep our passwords safe as they are often tied to accounts that contain our sensitive information, like our email.

For this reason, I hope these 10 password best practices will help keep your email and other online accounts secure.

Your Email Has been Hacked! Now What?

Hacking emails is a favorite pastime for most cybercriminals and it could happen to you as well.

Therefore, in this article, we’ll talk about how this happens, how to recognize if your email has been hacked and what to do when this happens.

How are Emails Hacked?

There are three main ways in which your email can be hacked:

  1. Phishing

Phishing is a technique in which the attacker sends a seemingly legitimate message to the email user and tricks the user into visiting a fake website where the user can unknowingly “verify” their information and thus give the hacker their login credentials.

The attacker, who usually pretends to be a legitimate business, like a bank that the user might be a client of, will often either create a fake (phishing) website that looks almost identical to the real one, or send malicious software via an infected URL link.

  2. Man in the Middle Attack (MitM)

A Man in the Middle Attack (MitM) happens when a hacker secretly infiltrates a direct communication between two email users without them knowing.

Since the users are unaware that there is a third person listening in on their communication, the hacker can get to a lot of sensitive information this way before they are found out.

If you want to know how your email messages travel the Internet (how email works), check out this article about it.

  3. Password Guessing

Password guessing is a very simple, yet often effective technique by which a hacker can get your email password.

There are two types of password-guessing attacks:

  1. Dictionary Attack: In which the attacker uses a dictionary of common words to identify the password.
  2. Brute Force Attack: Where the attacker tries every possible combination or password until they find the right one.

How to Tell if Your Email is Hacked?

You may not even know that your email has been hacked. Luckily, there are 4 tell-tale signs that something is wrong with your email account:

  1. A Friend, Family Member, or Colleague is Asking You Why You’re Sending Them Spam

Nobody likes spam messages and that’s certainly no way to make friends. So you can understand the confusion from your friends, family members, or colleagues when they receive spam from you.

This is a sure sign that your account has been compromised and the hacker is using it to send messages in your name.

  2. There’s Something Strange About Your Outbox

Hopefully, you are keeping your sent messages folder neat. However, you may see some strange and even spam messages in there that you definitely didn’t write.

Well, someone else did and that someone has managed to hack your email account.

  3. Your IP Address is All Over the Place

An IP (Internet Protocol) address is a digital address of your device on the Internet and it’s always the same. However, if you see a different IP address in the IP log, that is a sign that someone has been logging in to your account from another location.

Of course, if you’ve been using a VPN (Virtual Private Network), your IP will be routed to a different server and will be different because of it.

  4. You are Unable to Log in to Your Email Account

Finally, the biggest “your email account has been hacked” sign is if you get a “username or password incorrect” message.

What this means is that a hacker has taken control of your account and has changed the password.
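The IP-log check from the third sign above can also be automated. The following is an added example, not taken from the article or from any mail provider: it reads constructed login-history lines, treats the networks seen during a trusted baseline period as known, and reports later successful logins from anywhere else. The log format, the /24 grouping and all names are assumptions; VPN or mobile use will produce harmless flags.

```python
import ipaddress
from datetime import datetime

# Constructed login history in a hypothetical "timestamp ip result" format.
# The addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2023-03-01T08:02:11 192.0.2.14 success
2023-03-02T08:05:40 192.0.2.77 success
2023-03-03T19:44:02 198.51.100.9 failure
2023-03-04T08:01:09 192.0.2.14 success
2023-03-09T03:12:55 203.0.113.50 failure
2023-03-09T03:13:20 203.0.113.50 success
2023-03-10T08:03:31 192.0.2.20 success
not a log line
"""
# Logins before this moment are assumed to be the account owner's own.
BASELINE_END = datetime(2023, 3, 5)


def parse(log: str):
    """Yield (time, ip, ok) tuples, skipping lines that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        yield when, ip, parts[2] == "success"


def network_of(ip, prefix_v4=24, prefix_v6=48):
    """Group an address with its neighbours, so a new address on the
    same connection is not reported as a new location."""
    prefix = prefix_v4 if ip.version == 4 else prefix_v6
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def unfamiliar_logins(log: str, baseline_end: datetime):
    """Return (time, ip, failed attempts before it) for each successful
    login after the baseline that came from a network not seen before.
    Assumes the log is in chronological order."""
    known, failures, flagged = set(), {}, []
    for when, ip, ok in parse(log):
        net = network_of(ip)
        if when < baseline_end:
            if ok:  # only successful logins establish a known network
                known.add(net)
        elif not ok:
            failures[net] = failures.get(net, 0) + 1
        elif net not in known:
            flagged.append((when.isoformat(), str(ip), failures.get(net, 0)))
    return flagged


if __name__ == "__main__":
    for when, ip, failed in unfamiliar_logins(SAMPLE_LOG, BASELINE_END):
        print(f"{when}: login from unfamiliar address {ip} "
              f"after {failed} failed attempt(s)")
```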

What to Do if Your Email Gets Hacked?

So what should you do if your email gets hacked?

First, do not panic, for sure.

Here are a few things that you should do instead:

  1. Immediately Change Your Password

One of the first things that the hacker will do if they get control of your email account is to change your regular password so they can lock you out of your own account.

Because of this, time is of the essence, so you need to act quickly on any sign of a potentially compromised account by changing your password immediately.

When choosing passwords, always keep these rules in mind:

  • Use a different password for each account (email, social media, etc.)
  • Use a strong password (at least 12 characters long, including lower and uppercase letters, numbers and special symbols)
  • Don’t tell anyone your password (this goes double for your email password)

  2. If You Can’t Change the Password, Use the Email Recovery Service

Okay, but what if the hacker was faster than you and has managed to change your email password before you had the chance to act?

Well, this is where those security questions that your email provider had you fill out when you first opened the account will come in handy.

What you can do if you’ve been locked out of your email account is to use the email provider’s “forgotten password” option. This will take you to a dedicated webpage where you recover your account.

Speaking of email providers, here are the 9 most secure server-based email services and why it’s better to use a decentralized one like Telios.

  3. Check Your Computer for Viruses and Malware

A hacker will often use some kind of malicious software or virus to take control of your email account.

Usually, they will deliver these through an infected link sent to you in a phishing email.

If you notice your device working sluggishly or otherwise acting strangely, this could be a sign that it has been infected. Be sure to set up an automated scan to find and root out any malware and viruses from your device.

  4. Check Your Other Accounts

Since your email is connected to your other accounts, like social media, they could be compromised as well.

Are you seeing any strange posts that you know you’ve never sent, like perhaps posts about some scammy product or service that you never used on your social media? That could mean that your social media account has been compromised too.

  5. Warn Your Contacts

Finally, you should warn your contacts that your email has been hacked and that they shouldn’t trust any messages that come from it.

Often, fraudsters will use a hacked email account to send messages to its contacts, asking them for money and scamming people in your name.

Conclusion

Account Takeover (ATO) increased by more than 300% between 2019 and 2021 according to the Q3 2021 Digital Trust & Safety Index report by Sift. A large part of this is, of course, email ATO.

If this happens to you, you might become a victim of identity theft or other fraud, which could cost individuals hundreds or thousands of dollars and businesses millions.

Obviously, this is something that you want to avoid and hopefully this article will help you identify the red flags that your email has been hacked and what actions to take if this happens to you.

Also, make sure to check out our 20 email security best practices to know how to protect your email privacy and security.

Telios Becomes Wave 1 Grantee for Coreum’s Blockchain Network

Coreum, a 3rd-generation layer-1 enterprise-grade blockchain, recently revealed wave 1 of the grantee projects that will be built atop its network, and we are excited and proud to announce that Telios is among them.

This first round of grantees is focused on DeFi protocol and wallet components and is backed by the Sologenic Development Foundation.

Bob Ras, co-founder of Sologenic said:

“During the bear market, when many cryptocurrencies and projects are declining in value, big players are getting back to the fundamentals by placing investments into the underlying technology - into Layer-1 projects. As an enterprise-grade blockchain, Coreum’s modular and interoperable design provides the core infrastructure necessary for these grantee projects to flourish, especially amid these market conditions.”

Five other grantees besides Telios were selected for the initial round, including:

  • Amber - a free-to-play NFT game and metaverse platform in which players can play games, connect, trade virtual property (NFTs) and create worlds.
  • CO2mmon - German/Hungarian startup that promotes sustainable and eco-friendly mobility through rewards and gamification with the goal of reducing emissions.
  • D’Cent Wallet - Enhanced hardware crypto wallet built on the highest security standards.
  • Stably - Provides regulatory-compliant stablecoin infrastructure and multi-chain fiat on/off ramps for new and emerging blockchain that seeks to connect DeFi and TradFi via stablecoins.
  • Zeeve - Enterprise-grade no-code Blockchain Infrastructure Automation platform that enables easy deployment, monitoring and management of Blockchain nodes and networks

Telios would like to use this opportunity to congratulate all the other fellow grantees, with the hope that together we bring Web3 closer.

About Coreum

Coreum is an enterprise-grade blockchain built by the Sologenic Development Foundation. It brings low-latency proof-of-stake blockchain to a wide range of audiences looking to access a multi-chain future and has the ability to process up to 7000 transactions/second.

About the Sologenic Development Foundation

The Sologenic Development Foundation is a community of developers working together on open-source projects around the CORE and SOLO tokens.

20 Email Security Best Practices Every User and Business Needs to Know and Implement

For many organizations as well as individuals, email is the primary form of online communication. It’s free, reliable and easily accessible, which is why there are over 4.2 billion email users around the globe in 2022.

However, it is also very vulnerable to different online threats, including spam and phishing. To protect against them, here are 20 email security best practices every user needs to know and implement.

1. Use More Than One Email Account

According to the Global Statistics in Account Takeover Fraud for 2023 by SEON, 22% of US adults have been a victim of account takeover (ATO) fraud. This includes email, social media, online banking and credit cards.

Email is often a target for different scammers, hackers and other bad actors, and they would like nothing more than to take over your account and use it for their personal benefit.

This is why it’s important to have several email accounts. That way, you can separate your business and personal communication, have a third one for social media, or sign up for websites and online shopping, etc.

2. Use a Different Password for Each Account

An average US email address is connected to 130 online accounts, according to the 2020 Digital Guardian survey.

Naturally, all of these accounts require passwords and remembering more than 100 passwords is very tricky. This is why a lot of people are reusing the same password on multiple, non-sensitive accounts (49%) or use the same password on all their accounts (11%).

Obviously, this is a dream come true for hackers, as you are giving them the same key for all your accounts, not just email. Use a different password for each account instead. That way, even if a hacker manages to breach one of those passwords, only the account associated with it would be compromised.

3. Use Strong Passwords

In a way, life was a lot easier before the Internet (yes, I am that old to remember some of that time). There just weren’t so many things competing for our attention like YouTube, social media, streaming services, online shopping, etc.

On top of all that, you also have to think about passwords. Well, one way to make life easier is to make your passwords easy to remember, right?

Wrong!

It takes only 2 seconds to brute force a 7-character (using upper-case and lower-case) password, as shown in this table by Hive Systems.

Compared to that, a 12-character password, that includes upper-case and lower-case letters, numbers and special symbols, takes 3,000 years to crack.

4. Don’t Give Out Your Email Password

Of course, no password is truly secure if you’re just going to give it away to anyone.

You should never give out your email password, either directly, over email, or over the phone.

No reputable company will ever ask you for your account password, so if you get a request like that, it is 99.9% a scam. Always keep your passwords to yourself, especially the one for your email.

5. Update Your Password From Time to Time

One cybersecurity piece of advice you might have heard is to change your passwords frequently.

In fact, many cybersecurity “experts” recommend changing your password a few times per year, with some even saying you should do it every 30 days.

This advice, however, is outdated and there’s really no need for this if you followed our email security best practice number 3 - use strong passwords.

In fact, according to the US Department of Commerce National Institute of Standards and Technology’s (NIST) Digital Identity Guidelines, you should only change passwords that are either:

  • Commonly-used
  • Expected, or
  • Breached

If your password is already unique, strong and not compromised, there is really no need to change it.

6. Don’t Give Your Email Address to Everyone

There’s really no need to give out your email address to every online business out there that you will only interact with once or twice.

One good piece of email security advice that I don’t hear often is “be stringent with who you give your email address to”.

At the very least, if you absolutely must give it away, don’t use your main business or personal email address. That way, you can at least avoid spam on your main email accounts.

7. Use 2FA

No matter how strong the password you’re using is, it can get compromised in a data breach, phishing scam, or through spyware and other malicious software. Or, you might not have followed email security best practice #4 - don’t give out your email password.

Whichever the case, having an additional layer of security in the form of two-factor authentication (2FA for short) will help keep your account more secure.

Basically, 2FA will only let you log in to your account if, in addition to the username and password you can also provide a third authentication method.

This can be:

  • Something you know - PIN, token, security question, etc.
  • Something you are - fingerprint, iris scan, voice recognition, face scan, etc
  • Something you have - an ID card, security token, etc.

8. Understand Phishing and Other Email Scams

According to the APWG Phishing Activity Trends Report for the 4th Quarter 2021, phishing attacks had tripled by December 2021 compared to early 2020.

Even if we look at the three months of Q4 alone, we can see that the number of unique phishing sites detected increased from 267,530 in October to 316,747 in December 2021.

However, the number of brands targeted by phishing campaigns dropped from 624 in October to 521 in December.

Phishing attacks are getting more and more sophisticated and cunning, and bad actors can take advantage of your slightest mishap, so understanding their tactics is important if you want to keep your email account and data secure.

9. Avoid Downloading or Opening Untrusted Attachments

Speaking of phishing, one common goal cyberattackers have is to get you to download or open an attachment they send you.

If someone you’ve never met in your life approached you on the street and handed you a package, would you take it?

Of course not, so why would you do that with some Internet stranger?

Remember that “curiosity killed the cat” and there is nothing good to be had by being curious about unsolicited email attachments, so just ignore them.

10. Avoid Clicking on Suspicious URLs

However, people have become wiser about phishing schemes over the years and by now they know enough not to open unsolicited attachments. In fact, according to Tessian’s Must-Know Phishing Statistics (updated in 2022), 76% of phishing emails today don’t even include an attachment.

They do, however, include URLs that can redirect you to phishing websites. These websites can look almost identical to legitimate websites, where the user is tricked into leaving their sensitive data, or they are linked to malicious documents and will automatically download malware to your computer.

This is why you should always thoroughly inspect the URL before clicking on it, to know if it will lead you somewhere legitimate.
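What inspecting a link can mean in practice is shown in the following added example (not part of the original article): it compares the text a message displays with the address the link really points to and reports the usual mismatches. The sample links, the `TRUSTED` set and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical domain the reader really has an account with.
TRUSTED = {"example-bank.com"}


def host_of(url: str) -> str:
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed address, e.g. unbalanced brackets
        return ""
    return host[4:] if host.startswith("www.") else host


def inspect_link(shown_text: str, href: str) -> list[str]:
    """Return the warnings for one link; an empty list means none found."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return ["address cannot be parsed"]
    host = host_of(href)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    # Everything before '@' is login data, not the site being visited.
    if "@" in parts.netloc:
        warnings.append("'@' in address hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    # Letters from other alphabets can imitate a familiar name.
    if not host.isascii() or any(
            label.startswith("xn--") for label in host.split(".")):
        warnings.append("non-ASCII or punycode host (look-alike letters)")
    # A familiar name used as a prefix of somebody else's domain.
    for name in TRUSTED:
        own = host == name or host.endswith("." + name)
        if name in host and not own:
            warnings.append(f"'{name}' appears inside another domain")
    # The visible text claims one site while the link goes to another.
    text = shown_text.strip()
    if "." in text and " " not in text and host_of(text) != host:
        warnings.append("visible text and real target differ")
    return warnings


# Constructed (visible text, real target) pairs; documentation addresses only.
SAMPLES = [
    ("https://example-bank.com/login", "https://example-bank.com/login"),
    ("www.example-bank.com",
     "http://example-bank.com.account-verify.example.net/login"),
    ("Reset your password", "https://example-bank.com@203.0.113.7/reset"),
    # \u0430 is the Cyrillic letter that looks like a Latin "a".
    ("Log in", "https://ex\u0430mple-bank.com/"),
]

if __name__ == "__main__":
    for text, target in SAMPLES:
        print(repr(text), "->", inspect_link(text, target) or "no warnings")
```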

11. Don’t Reply to Spammers and Scammers

There is no get-rich scheme and if someone offers you one, simply ignore them since they’re a scammer.

Don’t even acknowledge their existence by replying.

12. Use an Encryption Extension (If You’re Using Gmail)

Gmail is not secure and there are plenty of reasons to drop it.

However, it is super convenient and easy to use. Not to mention it’s free, so for most people, it’s perfect as a personal email, although not so much as a business email.

Fortunately, you can make Gmail more secure by using a Chrome extension like Mailvelope, which will allow you to send PGP encrypted messages.

13. Use an End-to-End Encrypted Email

The problem with using Gmail encryption extensions is that, at the end of the day, you are still using a Google product and they don’t have a very good record of not looking into people’s data from time to time.

If you really want to keep your emails private, consider using an email service that focuses on security and privacy. Fortunately, there are more and more secure email providers today that do this and offer end-to-end encryption by default.

14. Avoid Logging in to Your Email on Public Networks

If you’re at an airport, park, cafe, or anywhere where there’s a publicly available WiFi network, don’t expect it to be secure.

Often, these networks require no password to enter and someone could monitor the network for your actions and access your email account and personal information.

If you absolutely must use public WiFi, use a VPN, finish what you want and log out.

15. Be Careful Which Devices You Use

A lot of companies have a “Bring Your Own Device” (BYOD) policy. Basically, what this means is that you can bring your own computer and log in to your business email from it.

This creates at least two major potential security problems:

  • Your device might already be infected with malware and logging into your business email might compromise it as well
  • There is an increased risk of getting your device stolen

If you’re going to bring your own device to work, don’t lose sight of it.

16. Log Out When Finished

Again, this applies more to using email at the office or on public computers (like in a library for instance).

Someone walking in to use that computer after you can simply continue where you left off if you leave your account open.

It’s not enough to just close the window by clicking on the “X” in the corner. Make sure to log out of your email as well as clear your browsing history before you leave.

17. Install an Antivirus Program

Despite all the precautions, you might still get malware or a virus from an email.

Don’t worry, it’s not the end of the world if you have a good antivirus or antimalware program installed on your device, like Norton or Kaspersky for instance.

18. Don’t Give Away Your Personal Information via Email

If you get asked for your social security number, credit card information, password (see email security best practice #4), or even a seemingly innocent piece of information like “when is your birthday?”, don’t give this information away via email.

They absolutely don’t need to know that and no reputable business will ask you for this.

19. Review Your Email Security and Privacy Settings From Time to Time

Always remember that email attacks evolve and the defenses and security measures that you put up two or three years ago may no longer be enough today.

This is why you should periodically go through your email security & privacy settings and update them to better handle new threats.

20. Educate Your Employees (and Yourself) on Email Security Best Practices

Finally, keep in mind that your employees or you yourself are not email security experts and a lot of the stuff we just said in the previous 19 email security best practices can go over their (or your) heads.

This is why you need to educate and train your employees and yourself on these.

Conclusion

And there you have it. We know there’s a lot to take in, but email security is not a simple topic so, hopefully, these 20 email security best practices will help you keep your email more secure.

What is a Blockchain Email? Pros, Cons & the Future

Ever since the success of Bitcoin, Ethereum and other cryptocurrencies, developers and entrepreneurs have been looking at what other applications the blockchain could have.

One such application that is gaining momentum is email over blockchain. But what are its pros and cons and, more importantly, what is its future?

Blockchain Email Pros

There are a couple of benefits that blockchain email offers, including:

1. Improved user privacy

Since the blockchain is itself decentralized, meaning there is no central server with its vulnerabilities, users won’t have to “pay” for it with their data as is the case with “free” email services which collect that data and then sell it to advertisers.

2. Better security#

A blockchain is a public ledger: anyone can see the transactions made on it, but you can’t change its entries.

The only way for the blockchain to be attacked is if the attacker could gain control of more than 50% of the hashrate. Since there could literally be thousands of nodes, that’s for the most part out of the question.

3. Peer-to-Peer communication#

Blockchain also eliminates the presence of a third-party service provider that would essentially have control over your data as it sits on their servers.

4. Better authentication#

Authentication is one of the biggest problems of traditional email, leading to spam, email spoofing, etc.

While this has been largely mitigated with tools such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance), email forging is still an issue.

Blockchain, however, is an immutable (meaning, it cannot be modified) set of records authenticated by each node/computer, so it can easily verify and authenticate that you are receiving an email from a trusted sender and not a bad actor.

Blockchain Email Cons#

So why isn’t everyone jumping on the email over blockchain train? Well, there are a few disadvantages that we need to address as well:

1. It is often “members only”#

One of the problems that blockchain email platforms often have is that you can only email users of that platform. Since we are not talking about platforms with Gmail-like user numbers, but a few thousand at best, this creates a sort of “members only” situation.

Very often, even if you can message someone on another platform, a lot of the features that make that particular email service shine can’t be used with the outside platform.

2. Huge storage requirements#

An average email is 75KB. Not a lot, right? Now multiply that by the number of emails sent every year (more than 100 trillion) and you have an enormous storage problem.

Each node in the network needs to store its own copy of the blockchain, which creates a pretty big scalability problem.

Email over Blockchain Potential#

Blockchain email probably won’t ever reach the popularity of cryptocurrencies, smart contracts, NFTs and other blockchain applications, at least not when it comes to private users, the majority of which will stick to convenient free email services like Gmail.

However, the enhanced privacy and security that it offers, as well as the authentication, could make it very attractive for businesses looking for a better anti-fraud solution.

Public Key vs Private Key Cryptography - What’s the Difference?

When it comes to cryptography and protecting your sensitive data, two terms are crucial - public and private keys.

This is because they are used to encrypt and decrypt data.

In this article, we’ll explain what these keys are, what they do and what the difference is between public key vs private key cryptography.

What is Private Key Cryptography?#

In private key cryptography, one key is used to both encrypt and decrypt the data and is then shared between the sender and the recipient.

This key can be a QR code, 64-digit hexadecimal code, 256-character binary code, etc.

The idea is just that it needs to be very long, non-guessable and random (or pseudo-random). The reason for this is that a short and guessable private key can be brute-forced by a determined hacker.

Since the private key is shared, this type of cryptography is also called symmetric.

What is Public Key Cryptography?#

In public key cryptography, there are two keys - private and public. Hence, this type is also called asymmetric.

One key, the public one, is used to encrypt the data from plaintext into ciphertext and this key can be freely shared. The other key, the private one, is used to decrypt the data from ciphertext back into plaintext and this one is kept secret and held by the recipient.

Difference Between Public Key vs Private Key Cryptography#

There are a few distinct differences between public key vs private key cryptography.

| Public Key Cryptography | Private Key Cryptography |
| --- | --- |
| Asymmetric | Symmetric |
| Uses two keys. One (public) to encrypt and the other (private) to decrypt data | Uses only one key (private) to both encrypt and decrypt data |
| One key (public) can be freely shared, while the other (private) needs to be secretly kept | The key is always kept secret |
| Slower | Faster |
| The public key can be shared freely, but the private key is shared only between the sender and recipient | The private key needs to be shared between the sender and recipient only |
| No danger of key loss since it is held publicly | If the key is lost, you can lose access to the system |
| Uses RSA algorithm | Uses AES algorithm |

Conclusion#

So which one is better? Private or public key cryptography?

There’s no clear “winner” here since the two types serve different purposes and have different advantages and disadvantages.

In general, private key cryptography is better in situations where you work with large databases and closed systems and where speed is more important than privacy.

On the other hand, public key cryptography works better when sharing data across an open network, like email, which is why it is used in end-to-end encryption.

What are the Most Common Email Server Security Vulnerabilities?

Almost all of our data is stored on a server, making this an attractive target for malicious attackers. This goes even further for email servers as email is still one of the most popular ways of communicating online, especially for businesses.

If your email server is compromised and threat actors can gain access to the confidential information within it, this will result in financial losses for your company and losing valuable customers.

So let’s take a look at the most common vulnerabilities of email servers to better protect your data on them.

6 Most Common Email Server Vulnerabilities#

There are 6 common email server vulnerabilities that you ought to pay attention to. These are:

  1. Data leakage
  2. Unauthorized data access
  3. DoS
  4. Malware
  5. Spam
  6. Poor performance and stability

Let’s explore each potential vulnerability and give you a way to prevent it.

Data Leakage#

Why do hackers attack email in the first place?

There can be several reasons, but the number one is that they want to get to the sensitive data of its owner (you, for instance).

The problem with email is that it was never built for security, but instead for ease of use. This is why your incoming and outgoing emails can be vulnerable to data leakage and a determined attacker.

The best way to protect your email data is to always use end-to-end encryption for both incoming and outgoing emails at the end-points (sender and recipient), to use TLS (Transport Layer Security) for emails in transit (while they travel between sender and recipient) and to use email protocols such as SMTP, IMAP and POP3.

Unauthorized Data Access#

No amount of encryption will save you if your last line of defense is weak.

What is this last line of defense?

Your password.

Unfortunately, only 35% of people use a different password for all their accounts, while 75% reuse the same password for all or some of their accounts, according to the 2019 Online Security Survey by Google and Harris Poll (yes, even Google says it's bad).

Now, expect that hackers will be even more inclined to try to bypass your email server’s authentication procedures to get access to the data in it, making password protection a must.

So how do you protect email server passwords?

The first thing you want is a strong password that can’t be easily brute-forced. That means at least 12 characters, including small and capital letters, numbers and special characters.

Here’s the difference that just 3-4 characters can make.

According to penetration testers at LMG Security, an 8-character Microsoft NT LAN Manager password can be cracked in less than 8 hours, while it would take 77,000 years for a 12-character password.

Denial of Service (DoS) Attacks#

Sometimes the attacker is not after the data that the email server contains, but instead wants to disrupt its service and prevent it from sending and receiving data.

Denial of Service or DoS is a type of cyberattack in which the attacker renders the server temporarily unavailable to its users by flooding the server with requests until the server can no longer cope with the traffic.

What is the solution?

To prevent a DoS attack, you will need to limit how many connections you allow for the SMTP server, including both overall and simultaneous ones.

Malware#

Like your personal or business email account, an email server can also be vulnerable to malicious software or malware.

In fact, malware will spread to the mail server via an infected email, which in turn was most likely infected via an attachment.

In order to prevent malware from infecting your server, you need to use third-party antivirus and antimalware security software like Kaspersky, Norton, etc., that is designed to detect, quarantine and destroy malware.

Spam#

Although the share of spam among all email messages has decreased in recent years, from 71.1% of all emails being spam in April 2014 to 45.37% in December 2021, according to Statista, spam is still a huge problem.

The main reason your server might be sending spam around is that the SMTP server is configured as an Open Mail Relay. This allows anyone on the Internet to send email (including spam) through your server.

To prevent this, configure your email server so that it only sends from authorized domains and IPs.

Poor Server Performance and Stability#

Email servers can stop working at any moment, or their performance might decrease due to an attack or simple wear-and-tear.

To extend the lifespan of your email server and, more importantly, ensure uninterrupted service, you should enable SMTP authentication. This will protect the server from attacks in which the hacker sends numerous send requests.

Additionally, you always need to have a backup server in case your main server stops working, which you get by having two MX records per domain.

Conclusion#

As you can see, sending emails through a server is not always the best. This is why Telios email service allows you to send emails directly to the other person (via a peer-to-peer network) instead of through a server if they are online.

If the recipient is offline, Telios uses decentralized cloud storage to temporarily store your email until the other person is online.

Get Telios email today to protect your privacy and security.

Cloud Storage vs Local Storage - Which One will Better Protect Your Data?

We live in a world where data, especially our private and sensitive data, is a very valuable commodity so we need a place to store it that is both easy to access and secure.

You have two options: cloud storage and local storage.

In this article, we’ll explore which of the two, cloud or local, will better protect your data.

Cloud Storage vs Local Storage Main Differences#

First, it’s important to understand the difference between cloud storage and local storage.

In cloud storage, your data is stored on a remote server that you can access via the Internet. Think Google Drive, Microsoft OneDrive, iCloud, etc.

Local storage, on the other hand, is one where your data is stored on a local device (on-premises) such as the hard disk drive on your computer or a USB flash drive in your pocket.

So, now that we know the differences between the two, let’s take a look at their pros and cons.

Cloud Storage Pros#

  • Easy to access. As long as you have an Internet connection, you can access whatever data you have stored on the cloud at any time and any place.
  • Promotes collaboration. With more and more people working remotely, sharing data with a colleague can be a challenge. Luckily, this has been made easier with cloud storage and usually all you need to do is give them access to the specific file you want to share with them.
  • No danger from physical damage. Your local storage device can be damaged physically, corrupted, or lost. Cloud storage will always be there and so will your data (until you delete it).
  • Free storage. For an average user, who only needs limited storage for personal use, cloud services offer free storage. For instance, Google Drive offers 15 GB, OneDrive 5 GB, iCloud 5 GB and so on.
  • Automatic backups. One of the most difficult things to do with local storage is to back up your files. But it’s also one of the most important things to do if you want to prevent losing your data. With cloud storage, however, you can automatically back up your data to the cloud and thus preserve it.
  • No maintenance costs. This is especially important for businesses that run on-premises servers. One such server can cost $150 - $300 just to monitor and maintain. This is a fee you won’t have to pay with cloud storage.

Cloud Storage Cons#

  • You don’t own the servers or the system. You only rent the servers. Now, nobody is going to kick you out to make room for another user (there’s plenty to go around), but ultimately the cloud service provider controls access to your data.
  • The cloud storage provider controls the security. Another thing that the cloud storage provider controls is the security. And it's often lackluster. This also means that cloud storage is more vulnerable to data breaches and every year you can hear about a few.
  • Cost increase. Let’s face it. 5 or even 15 Gigabytes isn’t all that much. Store a few movies, some music albums and you’ve reached the limit. Cloud storage is okay if you have GBs of data, but when you start dealing with terabytes (TBs) or higher, that’s where costs can significantly increase.
  • No Internet, no data access. The very same thing that makes cloud storage easy to access can also make it difficult. What happens when you don’t have the Internet? Simply, you can’t access your data.

Local Storage Pros#

  • Full control. With local storage, you have full control and there is no danger of losing access to your data like with cloud storage.
  • Not reliant on Internet access. As long as you have your device with you, you can access your local storage and the data on it anytime, anywhere. You are not reliant on the Internet service and your access to it.
  • Better for customization. With cloud storage, you don’t have many options if you want to customize the equipment. Whatever the provider serves you, that’s what you have to use. With local storage, on the other hand, you can buy another hard disk as an individual user or physical server if you’re a business.
  • Sometimes it makes data transfer faster. Again, this depends on the Internet, but if you have a large file to share and low bandwidth, sharing the file locally can be faster and easier via a flash drive.
  • Better security. We already mentioned that cloud storage security can be lacking. Using local storage gives you the freedom to set your own security, install whatever solutions and software you deem appropriate and thus protect your data. For instance, with cloud storage, you can’t use end-to-end encryption (E2EE) but only TLS, whereas with local storage you can (and should).

Local Storage Cons#

  • External damage. Like we said earlier, your physical device can suffer from external damage which can cause you to lose access to the data on it. Fire damage, water damage, theft, loss, etc. are all very real threats that you have to deal with if you are using local storage.
  • Higher costs. If you’re a business and need a local storage server, you’ll need to be prepared for a few costs, including purchasing the server, installing it, maintenance and so on. According to Intelligent Technical Solutions a server can cost from $5000 and above and the cost will depend on a lot of different factors including its form factor (tower, rack, or blade), CPU, RAM, storage and power supply.
  • Not that good for collaboration. File sharing is less efficient with local storage than with the cloud. This can be a problem both if you need to share data with someone else or if you are moving it to another device. Your options, in this case, are: 1) a flash drive; 2) a SATA cable; 3) a USB 3.0 cable transfer.

Conclusion#

So which one is better? Cloud storage vs local storage?

The thing is, both have their place and purpose and this is what you should primarily look for when you’re deciding between the two.

Cloud storage can be more convenient to use, but you don’t have a lot of control over it. On the other side, local storage can incur higher costs, especially for a business, but offers better customization and security.

At the end of the day, the sensitivity of your data should determine whether you should use cloud or local storage. For less sensitive data and non-personal data, cloud storage will be just fine. However, for sensitive and personal data, local storage is a much safer option.

9 Most Secure Email Services of 2022 and the Problem with Server-Based Emails

The need for a good and reliable secure email service has drastically increased in the last couple of years so it’s a good thing that there are more and more such services to choose from these days.

In this article, we have compiled the 9 most secure email services you can check out if you’re looking to protect your online data. Make sure to read until the very end as we left a little warning about these services.

ProtonMail#

If you only heard yesterday that there is such a thing as a secure and private email provider, there’s a very high chance that you heard about ProtonMail.

ProtonMail is by far the most popular secure email service around and it is available on both desktop and mobile for different OS including Windows, macOS, Linux, Android, iOS, Tor, etc.

It’s an open-source service, based in Switzerland with strong end-to-end encryption and includes zero-access encryption, meaning that you are the only one who will know your password or have the decryption key for it (even ProtonMail doesn’t).

Features:

  • Open source
  • Servers in Switzerland
  • End-to-end encryption
  • Zero-access encryption
  • Self-destruct emails

Mailfence#

Mailfence is another popular private email, which started as a business email in 1999.

One feature that separates Mailfence from other similar providers is a built-in Keystore, which allows you to manage your OpenPGP encryption keys and send encrypted messages to non-PGP users.

In addition, Mailfence also provides digital signatures, to prove that whoever sent the email is the actual author, something that other providers lack.

Features:

  • Digital signatures
  • Built-in Keystore for managing encryption keys
  • Can send encrypted messages to non-PGP users
  • Can import contacts from Gmail, Outlook, CSV files and more
  • End-to-end encrypted

Tutanota#

Tutanota is different from the other private emails we mention here in that it doesn’t use PGP for end-to-end encryption.

Instead, it uses AES and RSA, which allows Tutanota to combine asymmetric and symmetric keys. You can read more about the differences between the two here.

Other than that, Tutanota offers everything you’d normally expect from a secure and encrypted email service.

Features:

  • Based in Germany
  • End-to-end encryption
  • Uses AES and RSA instead of PGP
  • 2-Factor authentication
  • Strips metadata
  • Unlimited messages in the free version

Hushmail#

Hushmail is a Canada-based secure email provider that is HIPAA-compliant and as such a very good choice for healthcare workers and patients who want to protect their private health information.

Of course, they also have plans for small business, law, or personal use, so you’ll be covered there as well.

Features:

  • Servers are in Canada
  • PGP E2EE
  • 2-Factor authentication
  • IMAP/POP3 support
  • HIPAA compliant
  • Secure web forms

StartMail#

StartMail is a PGP-based email provider that also allows its users to send encrypted messages to non-PGP users, provided they know the answer to a secret question.

Another good thing about StartMail is that it hides your IP, which can be used to track you online.

Features:

  • Based in the Netherlands
  • PGP encryption
  • Can send encrypted messages to non-PGP users
  • Hides your IP address

Runbox#

Runbox is a Norway-based secure email provider that uses renewable energy from hydroelectric power plants to power its servers.

It uses PGP encryption and 2-Factor authentication, features IMAP, POP, SMTP and WAP support, and allows you to whitelist the IP addresses that can access your email account and to see the failed and successful login attempts.

Features:

  • Norway-based
  • PGP encryption
  • 2FA
  • IP whitelisting
  • Support for IMAP, POP, SMTP and WAP protocols

Mailbox.org#

Mailbox.org is not just a secure email provider for business users; it also offers a calendar, cloud storage, address book, video conferencing as well as a task planner.

Of course, this is all encrypted using Pretty Good Privacy (PGP) and its servers, which are located in Germany, are also eco-friendly.

Features:

  • Servers located in Germany
  • Eco-friendly
  • PGP encryption
  • Encrypted cloud storage
  • Calendar
  • Video conferencing
  • Address book

Posteo#

Posteo is a popular choice with all those users who, for one reason or another, need to remain anonymous, such as whistleblowers, activists, journalists and so on.

It allows you to both sign up and pay completely anonymously and has a very good migration service so you can migrate your contact list, archived emails, calendar and folder structure from another email provider like Gmail or Outlook.

One thing that’s important to mention about Posteo though is that it doesn’t use E2EE by default, but you need to enable it in the settings.

Features:

  • Based in Germany
  • Open source
  • Anonymous registration and payment options
  • Includes end-to-end encryption, though not by default
  • Supports IMAP, POP and SMTP email protocols
  • Encrypts metadata, email subjects, headers and attachments

PrivateMail#

PrivateMail is a secure email provider that is based in the United States and that’s its biggest downside.

However, it does offer some useful features like end-to-end encryption for file sharing, secure cloud storage with AES 256 encryption and self-destructing emails.

Features:

  • Servers are located in the U.S.
  • E2EE
  • AES 256 file encryption
  • Secure cloud storage
  • Self-destruct emails

Problems with Server-based Email Providers#

So at the start of the article, we said we had a little warning about these.

What was it?

One thing that all these secure email services have in common is that they all use servers. There are a couple of issues with this:

  1. The provider is completely dependent on the laws of the country its servers are located in.

That means that, even if two users who are located in different countries are using it, with a court order (and sometimes without one), the provider must deliver their emails, metadata and other data.

  2. Some secure email providers will store your encryption/decryption keys.

As such, they will have full access to your private and sensitive data and can give it to whomever they want. This defeats the whole purpose of a secure email provider, which is that only you have access to this sort of data.

  3. Providing backdoors to governments

Normally, the email provider can withhold giving up any user data without a valid court order. However, these companies are often subjected to a lot of pressure from governments to provide a backdoor into their servers.

  4. The carbon footprint

Lastly, data centers and servers can have a substantial carbon footprint and consume a lot of energy. For example, climate researchers from Go Climate measured the carbon footprint of a 2019 Dell R640 server (which is a relatively standard server) and found that it consumes 1760.3 kWh per year, with a manufacturing climate impact of 320kg of CO2e per year.

Now, it should be noted that more and more email providers have started to use green energy, so at least it’s an issue that’s being worked on.

Conclusion#

With a decentralized email service like Telios, you won’t run into these problems as we are using a peer-to-peer network to send emails between two Telios users.

Of course, this will only work if both users are online and both are Telios users. If one of them is offline or a non-Telios user, then the email will have to go through a server, but as Telios is using end-to-end encryption and doesn’t store your decryption keys, your emails are perfectly safe.

Looking for a secure email service? Download our decentralized email service today!

How Do Your Private Email Messages Travel the Internet (How Email Works)?

Email (or electronic mail as it was first called) is decades old but it is still enduring. Today, more than 50 years after Ray Tomlinson developed the ARPANET’s networked email system (and so the first email), we are still using it.

Most people know how to send an email. This article isn’t meant to insult you by teaching you that; we’re sure there are guides showing you that on the Internet.

Instead, the purpose of this article is to help you understand the inner workings of email and what really happens to your private email messages as they travel from your computer, through the Internet and to the recipient’s inbox.

Terms to Know#

We’ll be using some terms that you may or may not be familiar with to explain how email works. These are:

  • Email Server

An email server, or mail server, is a computer system that sends and receives your email messages. In other words, it ensures that your emails get to the intended recipients.

  • Domain Name System

Domain Name System (DNS) is important not just for email, but for the functioning of the entire Internet. Its purpose is to translate domain names like “Telios” that we humans like into IP (Internet Protocol) addresses such as 192.168.1.1 that machines like.

  • POP

Post Office Protocol (POP) is an email protocol that governs how email messages are received. POP (current version POP3) downloads the email to the local machine and deletes email data on the server once it’s downloaded.

  • IMAP

IMAP or Internet Mail Transfer Protocol is another email protocol that is used for incoming emails just like POP, but with the difference that the email data is not downloaded to the user’s computer and deleted from the server, but remains there.

  • SMTP

Simple Mail Transfer Protocol (SMTP) is a protocol that determines how email is sent from your computer.

  • MTA

Mail Transfer Agent (MTA) checks whether the recipient uses IMAP or POP.

  • MIME

Multipurpose Internet Mail Extension (MIME) is an Internet standard that allows email messages to support characters other than ASCII, as well as images, audio, video and application program attachments.

How Email Works?#

Okay, with that out of the way, let’s take a look at how email works.

First, how we think email works is:

  1. Compose a message
  2. Hit Send
  3. Message magically appears in the recipient’s inbox

In reality, there’s a lot more going on behind the scenes that we don’t see and we’ll go on to explain this now.

So, how does email really work?

How Private Email Messages are Sent?#

First, let’s take a look at how private email messages are sent.

Say [email protected] wants to send a private email message to his friend [email protected].

First, he needs to click the Compose button in his email client, add [email protected] to the To: field (for the recipient), write the Subject line (basically, the headline for the email message), type his email message and, after all that, hit Send.

Usually, this is where our interest in that message ends and we just need to wait for the reply.

But there’s a lot more going on.

First, your email doesn’t go directly to the recipient’s computer. Instead, the outgoing SMTP mail server picks it up.

Think of the SMTP server as the post office where you hand over your letter for them to send it to someone else. Except that, instead of the postage address, you put the To: and sometimes Cc and Bcc to show who the email is meant for and where it should go.

But, just like the mailman that the post office sends out with your letter can get lost (they can’t know every street address off the top of their head), so too does the SMTP server need a little help in finding the recipient.

The only problem is that the recipient’s address is written in a format that the SMTP server does not understand. So now the SMTP server needs to ask for help from the DNS server in translating the human-friendly domain name like [email protected] into the machine-friendly IP address like 189.234.55.77.

Having the IP address now, the SMTP server’s next job is to look for the MX (Mail Exchange) server, which tells it where to send the email.

Once it collects all this info, the SMTP server can finally send your private email message to the recipient’s Mail Transfer Agent (MTA).

How Email Messages are Received?#

So now let’s take a look at how email is received.

When the SMTP server hands over the email to the MTA server, the MTA determines whether the recipient is using a POP-based email or an IMAP-based one. Think of this as the mailman figuring out if they should put the envelope in the mailbox or slide it under the door for instance.

MTA can therefore be web-based (accessed through a web browser, like Gmail) or client-based (accessed through software installed on your computer, like Outlook).

However, before that, the recipient’s server must check if the email is coming from a legitimate source by looking at the sender’s From: address. If the address is a real one, like [email protected], it is validated. However, if it’s not, then it's spam and goes to the recipient’s spam folder.

Finally, the email appears in the recipient’s inbox for them to read it.

Why Is This Method Really Not a Good Way to Send Private Email Messages?#

Remember when we said that email is 50+ years old? Back then, it was just meant to solve one problem:

How to send a message from one computer to the other?

And it did that very well, but we didn’t have hackers, spam, phishing, DDoS attacks and all other kinds of cyber threats that we do now.

Today, your email is susceptible to all of these online threats from the moment you hit Send.

At any point, a threat actor can:

  1. Gain access to either the sender’s or the recipient’s email account
  2. Intercept the email message
  3. Breach the mail server

And get the data from there.

Now, email services like Gmail or YahooMail do somewhat solve the 2nd problem by introducing TLS or Transport Layer Security, which essentially encrypts the data in transit and protects it from stuff like Man-in-the-Middle attacks.

However, this still leaves the end-points and the mail server vulnerable and if the hacker gains access to either (all they need is the proper username and password) they can open and read this email without any issues.

This is where encryption comes in. The message can be protected with public key cryptography; in other words, it’s first encrypted on the sender’s side with a public key and can then be decrypted only using the recipient’s private key.

With the email message protected thus, even if the cyber attacker manages to get a hold of it, they can’t do anything without the right encryption/decryption keys.

Conclusion#

But even end-to-end encryption doesn’t entirely solve the problem because the data needs to go through the email server, and servers can be vulnerable to data breaches and may be storing your private key in an insecure format.

Telios uses a peer-to-peer network to send encrypted emails without going through the server (between two Telios users). This way, the only person who can truly access your email is you.

Check out and download Telios to protect your private email data from prying eyes today!