Can my email account be accessed without the password? How secure is it?

  • Can my email account be accessed without the password, and how secure is email if I store my personal documents on it?

    And how come Yahoo Mail asks me to tell them my friends' and folders' names to give it back to me after being stolen?

    Just adding a note to this topic, a password is an illusion of security. Resources, by nature, aren't tied to passwords. Passwords are added to "if" statements in code but the resources have nothing to do with the password. In this example, resources could be your emails.

  • Graham Hill (Correct answer)

    9 years ago
    • Typically, your email provider (Yahoo, for example) can read everything in your email without knowing your password.
    • And they will, as required by law and potentially in other circumstances, provide copies to Law Enforcement and Government.
    • It is also possible that an attacker could compromise Yahoo's servers and access your email that way.
    • And an attacker might be able to get hold of your password in various ways, in which case the attacker can gain access to your email. Or, an attacker might be able to guess the answers to your security questions, which also is sufficient for the attacker to gain access to your email account.
    • Lastly, it's important to mention that emails are not just documents on your email server; they're also on the email server of the person who sent it to you, and maybe cached on your client, and maybe on their client, and backed up in various places, and they travel over the network. Lots of copies mean lots of places where an attacker can get hold of a copy. (Your question hints that you might just be storing documents in email without sending them, in which case this is less of an issue.)

    Now, all this sounds very scary, but it's important in security to understand the level of risk and what your risk appetite is. Nothing is 100% secure - so you have to ask yourself:

    • How valuable is this data to me? What will it cost me if there is a breach?
    • What kind of attacker might try and get it? What resources and capabilities do they have?

    If the data is not very valuable, and anyone who is likely to want it is not very capable, then you don't need a lot of security.

    I'm not sure this is very practical, so here are some simple tips that will help you improve the security of your stored email:

    • Choose a good password - not in a dictionary, not a name or a date, as long as possible, with a mixture of lowercase, upper case, symbols.
    • Don't use that same password anywhere else; don't write it down or tell anyone, and use something random that isn't connected to you.
    • Be careful about your answers to security questions, to make sure that no one will be able to guess them. If it looks like someone might be able to guess one of the answers to one of your security questions, you could consider lying (pick a random answer that will be unguessable), and write it down somewhere in case you ever need it.
    • Consider encrypting the documents (with a different password to the one used for your email). There are lots of good tools for this: I like http://www.sophos.com/en-us/products/free-tools/sophos-free-encryption.aspx. Don't rely on built-in passwords in Word or WinZip, use a dedicated encryption tool.

    So the email provider can read my emails; that's really so scary, and how come they didn't mention it anywhere? So if I use email to back up my PRIVATE FILES they can just go there and read them. That's so much stupidity. Thanks for your answer; I guess you answered the question. All I wanted to know was whether the email provider can read my emails and files stored on its server without knowing the password or not, and they can, so I will search for some secure backup box somewhere else :((

    Unless you encrypt your data before transferring it to a third party, you have to expect that whoever runs the service to which you transfer the data can read it. (Doesn't mean that they *will*.) Using good encryption will mitigate the problem of their ability to *read* it, but of course they will still be able to *access* the encrypted files just the same.

    @rezx: Yes, they do mention it in the _terms & conditions_ & _privacy policy_ documents on which you clicked the `I Agree` button while signing up for their service.

    @VikrantChaudhary - You assume rezx even read a single sentence of Yahoo's terms and conditions.

    @rezx - When you give data to a third party and do not encrypt before giving it to them (HTTPS encryption doesn't count as that's only on the transport from your computer to their computer; you need to encrypt your data at your end, and upload it encrypted), you should expect them to be able to trivially read it. The only stupidity is the assumption that they could not read your emails/files.

    @Vikrant Chaudhary & Ramhound: yes, I don't read any terms, but email has a password and should be secret; even if they give me the service for free, they don't have the right to read my personal messages.
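
The advice given in the answer and comments above (encrypt at your end, with a password different from the email one, and upload only the encrypted result), sketched as an added example that is not part of the original thread. It assumes the third-party Python `cryptography` package rather than the tool the answer links to; the `ENC1` blob layout, the function names and the sample strings are made up for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

MAGIC = b"ENC1"  # constructed format tag, an assumption of this example
SALT_LEN, NONCE_LEN = 16, 12


def _key(password: str, salt: bytes) -> bytes:
    # scrypt makes each password guess expensive for anyone holding the blob.
    return Scrypt(salt=salt, length=32, n=2**15, r=8, p=1).derive(password.encode())


def seal(password: str, plaintext: bytes) -> bytes:
    """Encrypt locally; only the returned blob is attached or uploaded."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    header = MAGIC + salt + nonce
    # The header is bound as associated data so it cannot be swapped unnoticed.
    return header + AESGCM(_key(password, salt)).encrypt(nonce, plaintext, header)


def unseal(password: str, blob: bytes) -> bytes:
    """Decrypt a blob; raises InvalidTag on a wrong password or any modification."""
    cut = len(MAGIC) + SALT_LEN
    if len(blob) < cut + NONCE_LEN + 16 or not blob.startswith(MAGIC):
        raise ValueError("not a sealed blob")
    salt, nonce = blob[len(MAGIC):cut], blob[cut:cut + NONCE_LEN]
    header, body = blob[:cut + NONCE_LEN], blob[cut + NONCE_LEN:]
    return AESGCM(_key(password, salt)).decrypt(nonce, body, header)


def provider_view(blob: bytes, guess: str):
    """What someone with server access but not the document password recovers."""
    try:
        return unseal(guess, blob)
    except InvalidTag:
        return None


if __name__ == "__main__":
    doc = b"Constructed sample: notes kept as an email draft"
    blob = seal("document-only passphrase (constructed)", doc)
    print(len(blob), "bytes stored with the provider")
    print("provider guess:", provider_view(blob, "email password (constructed)"))
    print("owner:", unseal("document-only passphrase (constructed)", blob))
```

The provider can still store, copy or delete the blob, as one of the comments points out; what it loses is the ability to read it or to alter it without the change being detected on decryption.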

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM