
Your email account is the master key to your entire online life. Forgot a password to your bank, social media or shopping site? The reset link goes to your email — so whoever controls it controls everything. That makes securing your inbox the single most important thing you can do online. Our GetMyPassword team walks through how to secure your email account properly.

Why email comes first
Almost every other account you own can be reset through your email. An attacker who gets into your inbox can request password resets everywhere, read the codes, and lock you out of your own accounts one by one. Secure the email, and you protect the keys to all the rest.
The essential steps
- Use a unique, strong password for email that you use on no other site.
- Turn on two-factor authentication — ideally an app or security key, not just SMS.
- Set up recovery options (a backup email and phone) and keep them current.
- Review forwarding and filter rules — attackers add secret forwarding to read your mail.
Stay alert to phishing
Because email is so valuable, it is the most phished account of all. Be suspicious of “unusual sign-in” or “verify your account” messages, check the sender’s real address, and never enter your password through a link in an email. When in doubt, open your email provider directly by typing its address.
Secure your email like the front door to your whole digital house — because it is. Every other lock can be opened with the key that lands in your inbox.
Check it hasn’t already been breached
Look at your provider’s recent activity or “last account activity” page for logins you do not recognise, and check your address on a breach-notification service. If anything looks off, change the password immediately to a fresh one from our password generator, sign out all sessions, and review those forwarding rules again. A secure inbox is the foundation everything else rests on.
Frequently asked questions
What is the most important step to secure email?
Turn on two-factor authentication and use a unique, strong password. Together they stop the vast majority of attacks, since a leaked password alone is no longer enough to get into your inbox.
Why should I check email forwarding rules?
Attackers who briefly access your inbox often add a hidden forwarding rule to keep copies of your mail, including reset codes, even after you change the password. Removing unknown rules cuts off that access.
Is SMS two-factor enough for email?
It is far better than nothing, but an authenticator app or security key is stronger because it resists SIM-swap attacks. For your most important account, choose the strongest second factor available.



