Email Security Best Practices for Beginners | NOVAQY Resources

Part 1: Create a Strong Email Password

Your email password should be the strongest password you have. Here's how to create one that's both secure and easy to remember.

Weak Passwords to Avoid

password123
yourname1985
qwerty
123456789
Pet names, birthdays, addresses

Strong Password Examples

Sunset$Mountain2024!
Blue#Coffee&Rain42
Happy7Tigers!Dance
12+ characters long
Mix of letters, numbers, symbols

💡 The Passphrase Method

Instead of trying to remember random characters, use a passphrase—a sentence that's easy for you to remember but hard for others to guess:

Example: "I love walking my dog at 7AM!" becomes ILwalkingMyD0g@7AM!

Part 2: Enable Two-Factor Authentication (2FA)

Two-factor authentication is like having two locks on your door. Even if someone guesses your password, they still can't get in without the second code.

How 2FA Works:

1.You enter your password (first factor)
2.A code is sent to your phone via text or an app (second factor)
3.You enter that code to finish logging in
4.Even if a hacker has your password, they can't access your account without your phone

Gmail

Go to myaccount.google.com → Security → 2-Step Verification → Get Started

Outlook/Hotmail

Go to account.live.com → Security → Two-step verification → Turn on

Yahoo

Go to login.yahoo.com → Account Security → Two-step verification

⚠️ Keep a Backup

When you set up 2FA, you'll get backup codes. Print them or write them down and keep them somewhere safe. If you lose your phone, you'll need these to get back into your account.

Part 3: How to Spot Phishing Emails

Phishing emails are fake messages that try to trick you into giving away your password or personal information. They're becoming increasingly sophisticated, but there are telltale signs.

🚨 Red Flag #1: Urgency and Fear

"Your account will be SUSPENDED in 24 hours!" or "URGENT: Unauthorized access detected!"

Reality: Legitimate companies don't use scare tactics. They give you time to respond.

🚨 Red Flag #2: Strange Sender Address

Email from "support@amaz0n-security.com" instead of "@amazon.com"

Tip: Always check the ACTUAL email address, not just the display name.

🚨 Red Flag #3: Suspicious Links

Links that look slightly wrong, like "www.paypa1.com" (with the number 1) instead of "paypal.com"

Tip: Hover over links WITHOUT clicking to see where they really go.

🚨 Red Flag #4: Requests for Personal Information

"Please confirm your password" or "Verify your Social Security number"

Reality: No legitimate company will ever ask for your password via email.

🚨 Red Flag #5: Poor Grammar and Spelling

"Dear valued costumer, your acount has been temporary suspended."

Reality: Major companies have professional writers and editors.

✅ What to Do If You're Unsure

1. Don't click any links in the email
2. Go directly to the website by typing the address in your browser
3. Log in to your account normally to check for any real alerts
4. Call the company using a phone number from their official website

Part 4: Daily Email Security Habits

Do This ✅

Use a unique password for email (don't reuse it elsewhere)
Log out of email on shared computers
Review account activity periodically
Keep your recovery phone number updated
Report suspicious emails as spam

Avoid This ❌

Clicking links in unexpected emails
Opening attachments from unknown senders
Responding to requests for personal info
Using simple or reused passwords
Ignoring security alerts from your email provider

What To Do If Your Email Is Hacked

Act Immediately:

1.Change your password immediately — Use a strong, new password
2.Enable 2FA — If you haven't already, do it now
3.Check your sent folder — See if the hacker sent any emails
4.Review connected apps — Remove any you don't recognize
5.Change passwords on other accounts — Especially if you reused your email password
6.Warn your contacts — They may receive scam emails "from you"

Email Security Checklist

1Use a strong, unique password for your email
2Enable two-factor authentication
3Be skeptical of urgent or threatening emails
4Always verify the sender's email address
5Never click links in suspicious emails
6Keep your recovery information up to date

Part 1: Create a Strong Email Password

Your email password should be the strongest password you have. Here's how to create one that's both secure and easy to remember.

Weak Passwords to Avoid

password123
yourname1985
qwerty
123456789
Pet names, birthdays, addresses

Strong Password Examples

Sunset$Mountain2024!
Blue#Coffee&Rain42
Happy7Tigers!Dance
12+ characters long
Mix of letters, numbers, symbols

💡 The Passphrase Method

Instead of trying to remember random characters, use a passphrase—a sentence that's easy for you to remember but hard for others to guess:

Example: "I love walking my dog at 7AM!" becomes ILwalkingMyD0g@7AM!

Part 2: Enable Two-Factor Authentication (2FA)

Two-factor authentication is like having two locks on your door. Even if someone guesses your password, they still can't get in without the second code.

How 2FA Works:

1.You enter your password (first factor)
2.A code is sent to your phone via text or an app (second factor)
3.You enter that code to finish logging in
4.Even if a hacker has your password, they can't access your account without your phone

Gmail

Go to myaccount.google.com → Security → 2-Step Verification → Get Started

Outlook/Hotmail

Go to account.live.com → Security → Two-step verification → Turn on

Yahoo

Go to login.yahoo.com → Account Security → Two-step verification

⚠️ Keep a Backup

When you set up 2FA, you'll get backup codes. Print them or write them down and keep them somewhere safe. If you lose your phone, you'll need these to get back into your account.

Part 3: How to Spot Phishing Emails

Phishing emails are fake messages that try to trick you into giving away your password or personal information. They're becoming increasingly sophisticated, but there are telltale signs.

🚨 Red Flag #1: Urgency and Fear

"Your account will be SUSPENDED in 24 hours!" or "URGENT: Unauthorized access detected!"

Reality: Legitimate companies don't use scare tactics. They give you time to respond.

🚨 Red Flag #2: Strange Sender Address

Email from "support@amaz0n-security.com" instead of "@amazon.com"

Tip: Always check the ACTUAL email address, not just the display name.

🚨 Red Flag #3: Suspicious Links

Links that look slightly wrong, like "www.paypa1.com" (with the number 1) instead of "paypal.com"

Tip: Hover over links WITHOUT clicking to see where they really go.

🚨 Red Flag #4: Requests for Personal Information

"Please confirm your password" or "Verify your Social Security number"

Reality: No legitimate company will ever ask for your password via email.

🚨 Red Flag #5: Poor Grammar and Spelling

"Dear valued costumer, your acount has been temporary suspended."

Reality: Major companies have professional writers and editors.

✅ What to Do If You're Unsure

1. Don't click any links in the email
2. Go directly to the website by typing the address in your browser
3. Log in to your account normally to check for any real alerts
4. Call the company using a phone number from their official website

Part 4: Daily Email Security Habits

Do This ✅

Use a unique password for email (don't reuse it elsewhere)
Log out of email on shared computers
Review account activity periodically
Keep your recovery phone number updated
Report suspicious emails as spam

Avoid This ❌

Clicking links in unexpected emails
Opening attachments from unknown senders
Responding to requests for personal info
Using simple or reused passwords
Ignoring security alerts from your email provider

What To Do If Your Email Is Hacked

Act Immediately:

1.Change your password immediately — Use a strong, new password
2.Enable 2FA — If you haven't already, do it now
3.Check your sent folder — See if the hacker sent any emails
4.Review connected apps — Remove any you don't recognize
5.Change passwords on other accounts — Especially if you reused your email password
6.Warn your contacts — They may receive scam emails "from you"

Why This Matters

Part 1: Create a Strong Email Password

Weak Passwords to Avoid

Strong Password Examples

💡 The Passphrase Method

Part 2: Enable Two-Factor Authentication (2FA)

How 2FA Works:

Gmail

Outlook/Hotmail

Yahoo

⚠️ Keep a Backup

Part 3: How to Spot Phishing Emails

🚨 Red Flag #1: Urgency and Fear

🚨 Red Flag #2: Strange Sender Address

🚨 Red Flag #3: Suspicious Links

🚨 Red Flag #4: Requests for Personal Information

🚨 Red Flag #5: Poor Grammar and Spelling

✅ What to Do If You're Unsure

Part 4: Daily Email Security Habits

Do This ✅

Avoid This ❌

What To Do If Your Email Is Hacked

Act Immediately:

Email Security Checklist

Think Your Email Has Been Compromised?

Related Resources

Staying Safe Online

10 Common Tech Problems

Why This Matters

Part 1: Create a Strong Email Password

Weak Passwords to Avoid

Strong Password Examples

💡 The Passphrase Method

Part 2: Enable Two-Factor Authentication (2FA)

How 2FA Works:

Gmail

Outlook/Hotmail

Yahoo

⚠️ Keep a Backup

Part 3: How to Spot Phishing Emails

🚨 Red Flag #1: Urgency and Fear

🚨 Red Flag #2: Strange Sender Address

🚨 Red Flag #3: Suspicious Links

🚨 Red Flag #4: Requests for Personal Information

🚨 Red Flag #5: Poor Grammar and Spelling

✅ What to Do If You're Unsure

Part 4: Daily Email Security Habits

Do This ✅

Avoid This ❌

What To Do If Your Email Is Hacked

Act Immediately:

Email Security Checklist

Think Your Email Has Been Compromised?

Related Resources

Staying Safe Online

10 Common Tech Problems