Thu Mar 31, 2011 7:48 am by ChonkyTonks
Sandman,
You are speaking my language. There are some things that you should consider when it comes to passwords for online accounts that should help you with your overall query here:
1. Never use just numbers for your password. It would not take someone long to crack said numerical code.
2. If you are going to use personal information (birthdate, first/middle/surname, etc.), try your best to add to them so that they are not easily crackable by someone. For example, "2010JohnDoe" will be harder to crack if you just add to it: "!2010JohnDoe".
3. Make individual passwords for each site using a visual reminder for said password. For example, if I use Wells Fargo to do my banking (thankfully, I do not), I might use a password like, "W3ll5F@rG05ucK$". This is an easy way to not use the same password with every site, thus making it impossible for someone to get all of your accounts should he/she crack your password.
4. Always try to use a secure channel (https/SSL) with the site. If a site wants you to log in to their site without https, it is not worth having an account at that site. If I were sitting in the same coffee shop as you, on the same wireless access point, I could get your username/password from a non-https site.
5. You can always use a password keeper that is encrypted or a service like LastPass. This will help to maintain the security of your passwords at rest and (with LastPass) in transit.
6. In Gmail, I believe you can now enable two-factor authentication where you supply your username and password and then, upon clicking "login", you will get a one-time passcode delivered to your phone via SMS. This is a great way to enhance the overall security of your session.
Now, when it comes to secure email, there are a few things to consider:
1. Gmail does allow for you to always enable https/ssl for accessing your account. Given, they are good about hashing/masking the password for an account that is not using https/ssl, but it is still a far better practice to enable said feature.
2. Gmail allows for two-factor auth, as I stated above.
3. Gmail shows you a list of account activity for a specified duration. This helps you see if there is any odd access to your account.
4. Rumor has it that Microsoft did enable https/ssl for hotmail, but has since taken it down so that the FBI/NSA can see what is coming/going. I do not use hotmail, but that would certainly be a reason not to use it.
I will not get into encrypting emails unless you want me to get into that. Hope this helps.
-ChonkyTonks
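As an added illustration of points 1 through 3 above (not code from the post or its author), the following script estimates the brute-force keyspace of a password from the character classes it uses, flags numeric-only and short passwords, and reports any password reused across several sites. The guess rate and the site/password table are constructed assumptions for the demonstration.

```python
import math
import string

# Constructed assumption for a rough offline-guessing estimate; real rates vary widely.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000


def keyspace_bits(password):
    """Estimate log2 of the keyspace an attacker would have to search.

    Each character class present widens the alphabet; length multiplies the bits.
    This is an upper bound: it ignores dictionary words and predictable patterns.
    """
    if not password:
        return 0.0
    alphabet = 0
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 ASCII symbols
    if any(not (c.isalnum() or c in string.punctuation) for c in password):
        alphabet += 32  # assumed size for spaces / non-ASCII characters
    return len(password) * math.log2(alphabet)


def assess(password):
    """Return keyspace bits, an average-case crack time (seconds) and policy issues."""
    issues = []
    if password.isdigit():
        issues.append("numeric-only")  # point 1: digits alone fall quickly
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    bits = keyspace_bits(password)
    # Average case: half the keyspace must be searched.
    seconds = (2 ** bits / 2) / ASSUMED_GUESSES_PER_SECOND
    return {"bits": round(bits, 1), "crack_seconds": seconds, "issues": issues}


def find_reuse(site_passwords):
    """Map each password used for more than one site to the sites sharing it (point 3)."""
    sites_by_password = {}
    for site, password in site_passwords.items():
        sites_by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in sites_by_password.items() if len(sites) > 1}


# Constructed sample table for the demonstration.
SAMPLE_SITES = {"bank": "W3ll5F@rG05ucK$", "mail": "!2010JohnDoe", "forum": "!2010JohnDoe"}
```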