If someone gets into your email, they own every account you have. These 3 moves lock them out for good

My friend Lisa called me last night, voice shaking. Someone had cleaned out her PayPal. Then her Amazon. Then they tried her bank. Three accounts in 40 minutes. The criminals never touched her passwords. They didn't have to.

Think about what lives in yours right now. Bank statements. Medical results. Your retirement account, your mortgage company, every streaming service, every store you've ever bought anything from. And here's the part that should stop you cold: every password reset link on the planet gets delivered straight to your inbox.

Nope. Not anymore.

The criminal goes to your bank's website. Click "forgot password" and type in your email address. The bank sends a reset link to your inbox. The criminal, already inside your email, clicks it, creates a new password and walks right in. Then they do it to your Amazon. Your PayPal. Your brokerage. Your health insurance portal.

Each account takes about 60 seconds. It's less effort than ordering a pizza.

Use Google Authenticator instead. It generates codes on your physical phone, not through your carrier. Go to your email account's security settings and swap SMS verification for an authenticator app. Takes five minutes.

Go here right now: myaccount.google.com > Security > Third-party apps with account access. Revoke anything you don't recognize or actively use. Gone.

Twenty minutes. Three moves. Lisa wishes she'd done it on a boring Sunday afternoon instead of a panicked Tuesday night.

Your inbox is either a fortress or an open door. There's no in between. And unlike your front door, this one doesn't even need a deadbolt. Just strong security.

Kim Komando is America's Digital Goddess, heard on 510 radio stations nationwide. For more tips on staying safe online, visit Komando.com.