Mail encryption, the need of times Why You Should Encrypt Your Email [HR][/HR] Security is mostly hype, right? You don't really need to bother with all those complicated passwords, antivirus software, firewalls and such. Its all just security software vendors and security consultants trying to scare everyone so they can sell their products and services. I don't actually disagree with those statements at times. There are common sense steps everyone should take to secure their computers and networks, but there is certainly no shortage of hype in the news. Like the latest hot mutual fund- by the time it makes it into a newspaper or magazine it is old news and most likely too late for you to react to anyway. However, as one of the common sense measures that aren't pure hype you should consider encrypting your email communications. If you are on vacation you might send a picture postcard to a friend or family member with a quick "wish you were here" sort of message. But, if you are writing a personal letter to that same friend or family member you would be more inclined to seal it in an envelope. If you are mailing a check to pay a bill or perhaps a letter telling a friend or family member that the extra key to your house is hidden under the large rock to the left of the back porch you might use a security envelope with hatched lines to obfuscate or hide the contents of the envelope even better. The post office offers a number of other means of tracking messages- sending the letter certified, asking for a return receipt, insuring the contents of a package, etc. Why then would you send personal or confidential information in an unprotected email? Sending information like the location of your extra house key under the large rock to the left of the back porch in an unencrypted email is the equivalent of writing it on a postcard for all to see. Encrypting your email will keep all but the most dedicated hackers from intercepting and reading your private communications. Using a personal email certificate like the one freely available from Thawte you can digitally sign your email so that recipients can verify that its really from you as well as encrypt your messages so that only the intended recipients can view it. Comodo is another company offering free digital certificates for personal use. You can obtain your free certificate by filling out a very short and simple registration form. That actually introduces an added benefit. By obtaining and using a personal email certificate to digitally sign your messages you can help to stem the tide of spam and malware being distributed in your name. If your friends and family are conditioned to know that messages from you will contain your digital signature, when they receive an unsigned message with your email address spoofed as the source they will realize that its not really from you and delete it. The way typical email encryption works is that you have a public key and a private key (this sort of encryption is also known as Public Key Infrastructure or PKI). You, and only you, will have and use your private key. Your public key is handed out to anyone you choose or even made publicly available. If someone wants to send you a message that is meant only for you to see, they would encrypt it using your public key. Your private key is required to decrypt such a message, so even if someone intercepted the email it would be useless gibberish to them. When you send an email to someone else you can use your private key to digitally "sign" the message so that the recipient can be sure it is from you. It is important to note that you should sign or encrypt all of your messages, not just the confidential or sensitive ones. If you only encrypt a single email message because it contains your credit card information and an attacker is intercepting your email traffic they will see that 99% of your email is unencrypted plain-text, and one message is encrypted. That is like attaching a bright red neon sign that says "Hack Me" to the message. If you encrypt all of your messages it would be a much more daunting task for even a dedicated attacker to sift through. After investing the time and effort into decrypting 50 messages that just say "Happy Birthday" or "Do you want to golf this weekend?" or "Yes, I agree" the attacker will most likely not waste any more time on your email.