# Composers: Cancel your free mail accounts



## Hannes_F (May 13, 2014)

Just a minute ago I received one more alleged mail from a composer that obviously got his mail account hacked. It was not the first and it will not be the last.

What they all had in common so far: They were free mail accounts ... gmail.com, yahoo.com and so on.

I cannot for the life of me understand how a professional composer can use a freebie mail account except perhaps as a throwaway address against spam. These things are highly unsecure. Regard yourself as unprotected if you do that. If your business is dependent on it then do yourself a favor and rent a proper domain at a quality host service including some mail space. You owe it to yourself.


----------



## Marius Masalar (May 13, 2014)

Kind of misplaced blame here, I think.

Every serious email provider offers 2-factor authorization, numerous failsafes, and multiple reminders to use non-shitty passwords.

What do people do? They don't use 2FA, don't set up recovery info, and they use shitty passwords. In fact, they tend to use the same shitty password everywhere just to make things easier for the harvesting bots.

Most folks who use a company email address do so through Google Apps or something like that—in other words, the exact same infrastructure that powers Gmail. Or, worse, they'll use the generic mail offered by their web hosting provider.

If you want to complain about Gmail being free, complain about the targeted advertising, complain about the weird IMAP implementation, complain about the design...but security? No.

Security is our own individual responsibility and most every company out there does everything they can to offer the tools needed to safeguard one's accounts.

Instead of scaremongering and blaming the service providers, it's more productive to encourage peers to be more security conscious and provide them with the resources needed to do so.

For instance, everyone should be using 1Password (or LastPass/KeePass, etc.). No one should have their passwords saved in Notepad or the Stickies app. If you're too lazy to set up 1Password, each account should still have a different password, preferably one that's set up algorithmically so it's obtuse to others but easy for you to remember. Everyone should understand what makes a strong password.

Helping people keep themselves secure in the digital world is important, but I prefer to take a proactive stance. Being secure has less to do with what services you use and far more to do with how you use those services.


----------



## karmadharma (May 13, 2014)

Hannes_F @ Tue May 13 said:


> These things are highly unsecure. Regard yourself as unprotected if you do that. If your business is dependent on it then do yourself a favor and rent a proper domain at a quality host service including some mail space. You owe it to yourself.



If anybody's computer is hacked and a keylogger is installed, it doesn't matter which email provider you use, whether Google or Yahoo or a private domain, the password is going to be logged and your account will be compromised.

As much as having one's private domain can be construed as a good marketing move (to give a more professional impression) I personally trust a lot more Google's security team compared to a random webhosting provider (which in many cases anyways uses Google as their mail back-end) so again, from a security perspective, in my opinion Google is as safe as it can be in terms of webmail.

In my opinion it is a lot more important to keep a very tight lid on your home computer security, and for example having a completely separate computer on a completely separate VLAN for any sort of business-related tasks, a computer where you do not browse the internet (outside of your mail provider, where again odds are Google is a lot safer) and have a very locked down browser for that as well (whitelist javascript, etc. etc.) and be really careful about using your business email on your phone/computer attached to any public wifi network (meaning don't do it unless you REALLY trust the network you connect to).


----------



## kclements (May 13, 2014)

Great advice and I couldn't agree more. I pay about $40 a year for 5 email addresses. Go out and get your own email. 

Cheers
kc


----------



## markwind (May 14, 2014)

+1 Mathazzar & karmadharma

And to Hannes:
The fact that all of these people had in common that they used free e-mail accounts does not logically lead to the conclusion that it is these services that are faulty: The majority of people use those accounts, so if a random e-mail account is hacked, there's a pretty big probability that it's a free e-mail account. Also, if you are any bit up to speed you'd realize that a great number of universities, large and small businesses use these services, especially from Google. Universities are now wholly reliant on the structure, stability and security of it.

If you think Google doesn't know security, think again. Google's business model is incredibly benefited from having reliable services, as they use such private information for their ads.


----------



## Hannes_F (May 14, 2014)

.... all good and fair, but both Gmail and Yahoo mail _have_ been affected by the Heartbleed bug. So have been others, but in my logic the temptation for hackers to break into such mass freemail providers is much bigger than to hack a local quality provider. Your mileage may vary.

http://mashable.com/2014/04/09/heartble ... l2am52aCJ9



markwind said:


> Also, if you are any bit up to speed you'd realize that ...
> 
> If you think Google doesn't know security,



markwind, I wonder why are you getting personal and why are you putting words into my mouth that I did not say? No need for that imo, cheers.


----------



## jcs88 (May 14, 2014)

I send most of my VI purchases to my gmail as I can access it from anywhere easier than my professional account - if something goes wrong with my payment/provider, I might lose access for a while.

I have a two step authentication with my phone, and if anyone logs in from an unknown location I get an instant email. Secure enough for me.


----------



## markwind (May 14, 2014)

Hannes_F @ Wed May 14 said:


> .... all good and fair, but both Gmail and Yahoo mail _have_ been affected by the Heartbleed bug. So have been others, but in my logic the temptation for hackers to break into such mass freemail providers is much bigger than to hack a local quality provider. Your mileage may vary.
> 
> http://mashable.com/2014/04/09/heartble ... l2am52aCJ9
> 
> ...


I simply match your tone that blatantly judges the use of free services, and professionals using them, without researching the topic properly first, stating opinions about the security and presenting them as facts, it's poor conduct. And sentences that start with "If" are not putting words in your mouth. They are assumptions made by me that are not tested, not conclusions (I honestly differentiate them, I realize not everyone makes that distinction).

But if you're not Tech-savvy then don't draw conclusions that have no basis, it's fear-mongering, and I don't subscribe to unfounded fear-mongering. The Heartbleed bug has affected countless systems, both for paid and unpaid services. My website-hosting provider, who also provides paid e-mail services, has used the SSL protocol (which many, many services do) and was just as well affected by it.

The Heartbleed bug is a bug in the SSL protocol software for authenticating and securely allowing communication between various systems and is used in many systems for many businesses. I understand how for non-tech-savvy folk this seems scary, and the Heartbleed bug is certainly a scary one, but it is not a matter of free or paid. SSL is an industry standard.

If a "hacker" would want your e-mail data, he'd get it depending how good and invested he is to get it. However, most 'hacks' are user-related as our fellow posters clarified above. Clicking on stuff when you shouldn't, opening pages when you shouldn't, filling out information where you shouldn't. 

Perhaps a little fun fact.
If you like to know more, the CEO of PayPal predicted, or hoped, that passwords because of their inherent user-related risk-factor will be exchanged with other forms of authentication within 10 years.


----------



## Hannes_F (May 14, 2014)

> But if you're not Tech-savvy then don't draw conclusions that have no basis



Is that another of your 'if' sentences?

I've been programming for the creator of object orientated programming himself and I know what the Heartbleed bug is, thank you.

It might be an age thing but when I was younger I also tended to belittle internet risks. After dealing with IT for decades and watching countless hack attacks (and yes, on university networks too) I am somewhat more reluctant. Our mail address is an important line of defence since password requests or resets leading to many costly frauds can be done with it.

You wrote:


> Google's business model is incredibly benefited from having reliable services, as they use such private information for their ads



Thank you for that information too, and I can't even express on how many levels this single sentence troubles me. But thank you again for your valuable and tech-savvy insights.


----------



## markwind (May 16, 2014)

Hannes_F @ Wed May 14 said:


> I've been programming for the creator of object orientated programming himself and I know what the Heartbleed bug is, thank you.
> 
> It might be an age thing but when I was younger I also tended to belittle internet risks. After dealing with IT for decades and watching countless hack attacks (and yes, on university networks too) I am somewhat more reluctant. Our mail address is an important line of defence since password requests or resets leading to many costly frauds can be done with it.


I'm not quite sure how you see my posts as possibly belittling internet risks? I was addressing your point about the presupposed difference between free and paid services in regards to security within the context of e-mail services. How do you extrapolate from that my view on internet risks as a whole? That's quite an unfounded leap there. My views on internet risks have not at all been shared in this discussion. 

And about hackers' 'willingness' to 'hack' free e-mail services. I doubt it's their willingness that makes that a predominant happening, it's just that free e-mail account usage is quite widespread.

If assumption A) Most accounts are hacked through some form of user-related action - is true, then regardless of the system in place, the user is the primary risk factor to his or herself. If you think it's not true, then we'd differ in our assumption on what kind of problem is most predominant. You might be wrong, I might be wrong in that assumption, and regardless who is right, it would explain how we seem to approach this subject so differently.


> You wrote:
> 
> 
> > Google's business model is incredibly benefited from having reliable services, as they use such private information for their ads
> ...


Are you being sarcastic? And of course Google's actions are questionable, how wouldn't that go without saying haha, doesn't everyone realize that by now? But I can appreciate the business model of Google from an entrepreneurial standpoint, and the only reason I brought it up is to address the risk factor you ascribe to free e-mail accounts such as Gmail - I realize not everyone manages to stay on topic when other topics are within reach but that's a sure way to not get somewhere in any discussion.

So yeah to me, this discussion seems quite unguided. We went from "Free vs Paid e-mail services" to discussing internet security in a more general sense without any basis within the previous discussion to warrant that sidetracking or switch. The only reason I entered this topic is because I disagree on the former topic. If you'd like to discuss the latter - that's fine. That topic would not be for me as it is too complex a matter which people more often like to simplify to feel like they have a grasp on it. I'm much more inclined to really research the matter - if I wanted to dedicate my time to it that is, which I don't. To each his own I say.


----------



## Hannes_F (May 17, 2014)

Mark,

I agree that user related actions are the predominant risks - of course. There are a number of measures that have been discussed here ad nauseam like

- using good passwords
- frequently exchanging passwords
- using different passwords for different accounts
- using a virus scanner program
- using a software firewall (this one is controversial)
- using a mail program rather than an online mail reader
- using Thunderbird and Firefox rather than Outlook and IE
- using one computer for outside communication and decoupling studio computers from the internet, at least partially
- not opening mail attachments coming from unknown sources
- performing a virus scan before opening attachments from known sources
- not logging into Facebook or your bank account or whatever by clicking on links in mails - open a new browser window and enter the address by hand
- staying clear from suspicious websites
- staying clear from pirated software
- contemplating a hardware firewall

My point was that _after this all has been understood and done_ (as I assume we are talking about business conduct here) a freemail account - especially gmail and yahoo, or web.de or gmx.de if we are talking about Germany - seems to me more open to prying eyes than the paid service of a local (in-country) ISP.


----------



## markwind (May 17, 2014)

Hannes_F @ Sat May 17 said:


> Mark,
> 
> I agree that user related actions are the predominant risks - of course. There are a number of measures that have been discussed here ad nauseam like
> 
> ...



That makes sense sure. Though are you talking a business account at an ISP, or a regular account? Regular accounts really don't amount to much, security wise.


----------



## GdT (Aug 15, 2014)

> For instance, everyone should be using 1Password


+1
nice software runs on Windows and Mac


----------



## Waywyn (Aug 15, 2014)

It totally doesn't matter, the only thing that matters is how oneself handles the account!
I have a domain name (which I decided to dump after a while) and I did a lot of signing up for newsletters, looking out for free stuff etc. ... it was at the beginning of being self employed. Today that account is so messed up that I stopped looking into it. On the other hand I have a Gmail (since around 11 years now), a Yahoo and an Outlook account and NONE of these accounts got hacked at all!

The only thing that matters is what email you open, what you click and how much you think by what you click on!


----------



## jaeroe (Aug 15, 2014)

You'd be surprised how many hosting sites actually use google's services to filter out spam. so, a huge amount of servers end up going through google nowadays.

online purchasing and signing up for things generate a huge amount of email and other things heading your way. best to have one account for such things and a separate account for work.

and as alex mentions - just be fairly smart about things (and don't be lazy). think of how much we use email and the web now. so, a little time and money going into security makes sense.


----------



## Stiltzkin (Aug 15, 2014)

Generally speaking your accounts are hacked not because of your computer or your internet history - this is a very very common mistake people make about hackers.

Firstly, hackers are smart and they know that trying to hack Google or any of the big names will take incredible amounts of manpower and effort. There's no need to, why hack Google when you can hack a tiny website or forum? This is where most hackers get their information - SO many people use the same email and password on forums or websites as their ACTUAL email logins.

(Not saying you did this hannes btw, this is more just a general FYI since it hasn't been covered)

Hackers go after forums a lot, often forums don't even know they've been hacked - they just go in, grab all the details and match it all up then see what works and what doesn't.

Sneaky, but effective.


----------



## Nick Batzdorf (Aug 15, 2014)

Actually, my paid Earthlink account is much less reliable than my Gmail one.


----------



## Allegro (Aug 15, 2014)

Tl;dr It is unprofessional. NOT insecure. 

I use Google Apps for Business on my domain so my mailing services are essentially handled by Gmail despite whatever stuff I got with my hosting company. The spam filter is one of the best if not THE best for me.


----------

