What’s up with Email Hacking?!
With so many stories about email hacking, you’d have to think it’s inevitable, right?
NO! NO! NO! EMAIL HACKING IS NOT (AND SHOULD NEVER BE CONSIDERED) NORMAL!
The Problem:
Because of weak email passwords and no email encryption as “the norm”, email sits on (Internet) servers unprotected behind, often, weak front-end security. Just like a plain text file, if a hacker successfully attacks the server, then all the emails are there for the taking and can easily be read.
Popular web-based email services ALL WORK THIS WAY (Protonmail being one obvious exception). Thus, if you don’t take steps to protect your email, your un-encrypted emails might be in the next email hack you read about. But you say, you don’t have anything in your emails “to worry about”. That’s not really the point. And, upon closer inspection, you probably wouldn’t want your emails totally open to hackers, either.
The Solution:
With just two basic steps, you can almost totally avoid the chances of your email ever being compromised.
Step 1: Use strong passwords on your email accounts!
It’s a sad fact that year after year, most people do not use strong passwords and even re-use weak passwords across email accounts. “Password1” remains the most popular password since it “passes” most password checkers for upper-lower case, a number, and length. Unfortunately, if you use this password, you aren’t using a password at all since this is one of the first a hacker would use in an attack on your email server!
How about a much stronger email password like: 8Y6N2U}(@8N2u8/?Rie9@b=9. ?
——
Step 2: Encrypt your email!
This isn’t new technology, either. Hello, it’s been here for…decades. So, what do we mean by “encryption”?
Two types:
(1) Transport. That is, when you send your email the transport layer should be encrypted. But, transport encryption only encrypts your email on its way to your own email server (and not beyond your server to other email servers). Therefore, what’s the point of securing your email for only part of its journey and then again if the email finally just sits unprotected on the server itself? So, then there’s:
(2) End-to-End encryption. Here, novices will suggest to you that you can encrypt your email and send them the “password” to the recipient. This “Symmetric Encryption”, where the same password encrypts and decrypts, is weak since you must transmit the password itself. The weakness with this approach is that hackers could also intercept that password thus voiding your encryption attempt.
A much stronger approach is to use PGP or other Public Key Encryption email setup for your sensitive emails. With this method, you share your “public” key, but keep your private key private. Thus, this approach overcomes the weakness with symmetric encryption: you do not need to transmit the password.
Setting up PGP can be a little daunting for computer novices. You need to install the program, set up a “keyring”, generate keys, and other one-time setup items. You can also select how long a “key” you want to generate. (A skilled computer user could set up an email client to use encryption as described in about 30 minutes.)
Best yet, popular programs like Mac Mail, Thunderbird (on Mac/Windows) and others, have support for email encryption once you set up the keyring.
You can also just encrypt some text in a window and save that without even using an email program or encrypt a file on your computer. These encryption programs like PGP (and GPG, the free alternative) install right-click menus (shell extensions) so you can encrypt files/text in other places rather than just in emails.
KEY POINT: With encrypted email, your emails remain encrypted on the server until you decrypt them, thus making them useless to hackers (and to other snoops)
Hackers (and other snoops): Good luck decrypting and reading this email:
hQIMA1n71tMYS1g+ARAAryKaRxDQcyd3zjiCRzZe2ZFu9z27ZUFQvPp+NT+8fA2E 8cDDTHPH1gqtlXMKexz4+lsXK73DahsiE9horLJCCF8l5gfsjaj4kWle+XkhBZD8 UAYFyoyWJ6x2AFlh1S2f7vm/xpg3NxAjWyBVD9GypN88xiCk/J154kzHgGm52aCo EwqJ97SiRnPl+/EzbxfouJp9uFPX+VP1b3PMMk6jGLC7+Clhd6sng4YGHvr4OTqH S7DvFxeq7YB9CJFxe76DS6ipEcQqpWEud63VnYrbcJ1r0EU6fAmEvvXDIaoyEL6b pZ8Vz9UM2gsSKQ6zyJqSUo3XHqCsWLstVH1tzJUgFRbnOmJ9LYzwMrrbQykB/BX3 lEZNKLtHNgvtYUKXzmKcZeMKClvvcU/JVDgh5pMUYu1EIB19tPRQtBMre/HqSt+p 5R6edPuZ9PQbNrgfZ49lIbE01ZzrvW6wEhRpn7m33F9xnkrmGNuH0VwwHWuuQ0na ovVj/uXjZeCnHoCsNiqiV7tBZ9czzGq81emCE5CMswKBciO9EB72laXeebQNqFEu XhhmA8yLeANWlk+PogYQh4drrh1VVroK8eTJMN6n1wcICjTL5QDyaFHfX4C7jSMX k7ERBYKU7sJI4KqTvMREbLB9Mse7o7AebdPfwUY2bvIRjcSlPk4z2XlXbAPW2ofS TwEAo0hVPS1Uq1hbhnZemjFzoVy1gCoRUniA234Vm8TAA6ckZ4d1v1jRCgBRHVvZ
oylFIyXuvcnEGGIx57xucxI8XBe6WeGEur2ZUDUrwLg==jxG6
Best yet, the tools mentioned here, like GPG, and the related PC and mac encryption plug-ins are….FREE.
Conclusion:
While it’s disconcerting in 2016, from all the email hacking disclosures, that our elected officials, and government in general, remain clueless about basic email security, that doesn’t mean you have to! Just do a couple basic steps as outlined above to all but eliminate (if not totally eliminate) hackers getting to your email (or being able to read your email even if they do!).
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Please read our disclaimer available from our home page