Some thoughts on keeping email secure, and how to regain access to a Gmail account when things go wrong. Patrick Marshall answers your personal technology questions each week.

Share story

Q: It’s incredible to me how many large law firms and insurance companies do business over regular email, and have not the slightest notion of the risk they expose their clients to. One lawyer I have to deal with claims that his firm has its own servers so any email between us (my Gmail or Yahoo email) is secure. I don’t see how that makes any sense.

Encryption has to be end to end. What difference does it make if he has secured servers?

— Dean Shibayama

A: You’re right that a system using unencrypted emails sent over open channels and residing on third-party servers is far from secure. Companies that require secure communications — banks, escrow companies, financial managers, etc. — generally store all communications on their own servers, and clients are required to log in over a secure (encrypted) connection to read or answer emails.

Of course, even those communications are subject to subpoena. And there’s no absolute guarantee that a hacker can’t get into the company’s network and access those emails.

Related Tech Q&As

Read more from Patrick Marshall here >>

So the question is really, how much security do you require? Enough to install — and protect — your own email server?

Frankly, most people I know don’t put sensitive information in emails and aren’t concerned about them residing on a Google or Microsoft server. But I do advise people not to send any sensitive information — bank-account information, etc. — over an unencrypted connection and especially not when connected to an insecure network, such as public Wi-Fi at a coffee shop. Since I travel quite a bit and am often forced to use public Wi-Fi, I pay $70 a year for a subscription to a virtual private network. It cuts down performance a bit, but it encrypts all communications over the Wi-Fi.

Q: I have had a Gmail account for years and years with the same password, and Google would open my email automatically with the stored password, until it didn’t. I have tried everything, including all my old passwords, and Gmail refused them all. They sent access codes to my secondary email address which was a work account, and I have not worked at that company for eight years, so I cannot access that account.

I can still get Gmail through a mail client on my iPad. I have opened another Gmail account, but the old account has my contact list, and I cannot access that contact list!

I know this is my fault; I should have updated my backup email account when I resigned that job. Is there anything I can do? Facebook is starting to ask for a password, and I think I may end up in the same situation there.

— Mary MacKintosh

A. Fortunately, there are a number of different ways to reset your Gmail password. Follow this link and you’ll find step-by-step instructions: