External security

From xat wiki
(Redirected from Email Security)

External Security is any security measure that is out of xat's control and is in the user's hands, such as using a strong password, and protecting their email.

Therefore, these tips are not directly connected to xat and it is ultimately the user's choice to follow them, and they can be applied to any website. These tips are critical to keeping your xat account secure, and we recommend that you utilise them.

Remember that xat will never ask you for your personal information.

Password

Passwords are the key words of account security and having a strong password is essential while using xat or any other website. Having a strong password prevents people from guessing and brute forcing your password.

To make sure that no one can guess your password, avoid using your name or names of family members, your username, birthday, repeated characters, or any common words found in the dictionary. Remember to use a different password to your email.

Note: On xat, any non-alphanumeric characters will be stripped from your password, so ensure that it only contains alphanumeric characters (a-z, A-Z, 0-9).

Making a Strong Password

Making a strong password can be difficult. However, generally a strong password consists of at least 8 characters that are a combination of letters (both uppercase and lowercase) and numbers. The more characters your password contains, the stronger it will be.

You may be using the following generator to instantly create a secure and random password (which works with xat) that you can use for your account: https://www.avast.com/random-password-generator.

Regularly Changing Your Password

In a fast-paced and forever-changing place like the internet, it is recommended that you change your password every 3 - 6 months so that in the event there is any sort of data breach, your account will likely not be affected.

Email Security

Email security is undoubtedly important, as this is basically your centre of communication and links all of your accounts together, be it xat or any other social networking site.

Most of the suggestions below cover the four major email providers: Gmail, Outlook/Hotmail, iCloud and Yahoo Mail. If your email provider is not listed, contact them and ask about their extra security features to protect your account.

Note: If you are a paid user (have purchased xats before), you can request an email change by opening a ticket.

Our recommendation

We recommend that you use Gmail as your primary email for xat. Gmail has several security methods to protect you from unauthorized access and they do not allow the reuse of email addresses. In addition, Gmail is the provider with the least occurrence of problems with receiving e-mails from xat.

We recommend you take a closer look at these security methods below to prevent third party access to your email.

2-step verification

The main email providers allow you to use 2-step verification to secure your email accounts. It requires you to give to your provider your phone number. Each time someone (including you) tries to access your email account, you will be sent a security token to your phone to then enter on your email login, which will allow you to continue. This way, only someone with your phone is able to login into your email account.

Here is a list of links with guides for some providers who provide their users with 2-step verification:

Authentication

Gmail and Hotmail/Outlook allow you to use Authentication to secure your email account. Authentication is the industry standard for time-based or one-time passcodes (also known as TOTP or OTP). It requires you to download the authenticator app of your specific provider and activate it through your e-mail settings. Each time someone (including you) tries to access your email account, you will be asked to type a temporary security token from the application to be granted access. These codes can also be generated offline which is useful if your device has no internet access.

Note: On Gmail, a QR code and a time-based key (which will be shown when you click on "can't read the code?") will be generated so that you can activate your application. You should save both of them in a safe place, so that if you lose your phone, you will be able to activate it on another device.

Here is a list of links with guides from Gmail and Hotmail/Outlook on Authentication:

Other methods

Gmail and Hotmail/Outlook also provide other methods to secure your email account. They are:

  • Backup codes: These are unique passwords that allow you to log in when you are away from your smartphone, such as when you are traveling. They can also be used in emergencies, and when all other methods fail. We recommend that you print or save them in offline storage units (i.e. USB drive).
  • Access requests through the app: You can prompt an access request that will appear via pop-up on your smartphone instead of entering your password.
  • Backup phone (Gmail only): If you lose access to your phone and do not have any other recovery methods activated, this allows you to send a security code to an alternative phone.
  • Physical security key (Gmail only): This method allows you to use a device as a physical key to access your email account. This can be done via your smartphone using Bluetooth or connecting directly to your computer's USB port, or by using an offline storage unit.

Here is where you will be able to setup these methods:

Warning: We do not recommend Hotmail/Outlook or Yahoo! email providers due to their policy that allows them to recycle email addresses if they become inactive.