If your organisation uses MailShield, you already have a robust defence against incoming email threats. But even the best gateway cannot protect you if an attacker simply logs into one of your accounts using a stolen password.
Securing your credentials is the most critical step you can take to protect your inbox, your company's data, and your sender reputation. Here are the best practices you should adopt to keep your accounts locked down.
Use passphrases, not passwords
We have all been taught to create passwords like P@ssw0rd1!. The problem is that these are hard for humans to remember but incredibly easy for modern computers to guess.
Instead of complex character combinations, use a passphrase—a sequence of four or more random words. For example, PurpleGuitarQuietlySwims.
Passphrases are mathematically much harder for automated software to crack because of their length, but they are significantly easier for you to type and remember.
Never reuse your email password
Your email account is the master key to your digital life. If you forget your password for an online store or a banking portal, where does the reset link go? Your email inbox.
If you use the same password for your work email and a random online forum, and that forum gets hacked, the attackers now have the password to your work email. Always ensure your email password is unique and never used anywhere else.
Enable Multi-Factor Authentication (MFA)
This is non-negotiable for modern business security. Multi-Factor Authentication (MFA), sometimes called Two-Factor Authentication (2FA), adds a second layer of security beyond just your password.
Even if an attacker steals your password, they cannot log into your account without the second factor—usually a code sent to your phone via a text message, or a prompt in an authenticator app. You should enable MFA on your main email account (Google Workspace, Microsoft 365, etc.) and on your MailShield dashboard account.
Use a dedicated password manager
It is impossible to remember dozens of unique, long passphrases. A password manager solves this by securely storing all your logins in an encrypted vault. You only need to remember one strong master passphrase to unlock the vault.
Modern password managers can auto-fill your credentials on trusted websites, and more importantly, they will refuse to auto-fill your details on fake, lookalike phishing sites, adding a massive layer of protection against deception.
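A password manager refuses to fill on lookalike sites because it compares hostnames as exact strings, not by how they look. The sketch below is an added example, not code from MailShield or any password manager; the vault entries, the username and the lookalike hostnames are constructed. It is also simplified: real products match on the registrable domain using the Public Suffix List, which this host comparison does not do.

```javascript
// Simplified autofill decision (added illustration, not a vendor's code).
// Constructed vault: hosts are the article's examples, username is made up.
const vault = [
  { host: "office.com", username: "alex@example.com" },
  { host: "gmail.com", username: "alex@example.com" },
];

// Return the vault entry that may be filled on pageUrl, or null to refuse.
function entryForPage(pageUrl, entries = vault) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // not a parseable URL: never fill
  }
  if (url.protocol !== "https:") return null; // never fill over plain http

  // URL() lowercases the host and converts Unicode labels to punycode
  // (xn--...), so a homoglyph host is a different string even when it
  // renders identically to the human eye.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot

  for (const entry of entries) {
    // Exact host, or a subdomain of it at a label boundary.
    if (host === entry.host || host.endsWith("." + entry.host)) return entry;
  }
  return null;
}

// Constructed sample pages: two genuine, five that must be refused.
const samples = [
  "https://office.com/login",
  "https://www.office.com/",
  "https://office.com.signin-check.example/", // real name used as a prefix
  "https://my-office.com/",                   // real name inside another label
  "https://0ffice.com/",                      // digit zero instead of letter o
  "https://\u043Effice.com/",                 // Cyrillic letter instead of Latin o
  "http://office.com/",                       // right host, unencrypted
];

for (const page of samples) {
  const entry = entryForPage(page);
  console.log(entry ? "FILL  " : "REFUSE", JSON.stringify(page));
}
```

The refused pages are exactly the ones a hurried reader is likely to accept, which is why an unexpectedly empty login form is worth treating as a warning sign.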
Treat unexpected login prompts with suspicion
Attackers often send emails that look like urgent alerts from Microsoft or Google, telling you that your password is about to expire or that a suspicious login was detected. These emails usually contain a link leading to a fake login page designed to steal your credentials.
If you receive an unexpected email asking you to log in, never click the link. Instead, open your web browser, type in the actual address of the service (like office.com or gmail.com), and log in directly to check if the alert is real.