• United States



How to protect your email account from Equifax hackers in 5 minutes

Sep 11, 20173 mins
Access ControlAuthenticationCyberattacks

Force your email account to require a secret code that cyber criminals don't have, even if they get your login ID and password from the Equifax hackers.

If the Equifax breach caused 143 million U.S. consumers to have their email credentials, Social Security numbers and birth dates, plus other personal information accessible to hackers, then that equates to roughly 55% of Americans age 18 or older who have been affected, according to an article in The Wall Street Journal.

The good news is that anyone over 18 should be able to protect their email account from Equifax hackers in 5 minutes.

If the Equifax hackers stole your email address and password, there’s a good chance it will be “for sale” on the dark web. That means your personally identifiable information is at risk of propagating out to legions of cybercriminals.

The first obvious thing to do — which you should do right now if you haven’t already — is change your password. But don’t stop there.

Next, turn on two-step verification (a.k.a. multi-factor authentication) in your email account. This post on CSO explains more on why and how to do it in 5 minutes.

In a nutshell, you’ll have a two-step process for logging into your email account. First, you’ll type in your login ID and password. Then you’ll need to type in a secret code that your email provider texts to your mobile phone each time you attempt to login.

This way, a hacker can’t access your email unless they have your phone. You’ve turned your phone into a physical key!

(You can configure two-step verification so that it recognizes the device you’re logging in from — i.e. your PC, Mac or laptop — and you won’t need the special code each time you log in, which would be a nuisance.)

Two-step verification is a basic and powerful feature in Gmail, Yahoo Mail, AOL Mail, and other popular email services.

Organizations should instruct all of their employees to turn on two-step verification in their personal email accounts. It’s also a good idea for corporate email accounts to require two-step verification. Some consumers may have shared their business email information with Equifax.

If you don’t turn on two-step verification in your email account, then you’ve got no one to blame but yourself when you get hacked — and there’s a good chance you will.

Or you can set it up so that when a cyber thief tries logging into your email account, they’ll be prompted for the secret code (which only you have on your phone).

Consumers are notoriously lax when it comes to cybersecurity. That bad habit needs to change today.

Email security resources:

Visit to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.