After last year’s massive Yahoo email breach, and the questionable privacy of Gmail, a lot of people are looking for a secure and private way to send and receive email without being snooped on.

ProtonMail is much more secure than any other mail provider and is the ideal place for password resets and bank account statements. I don’t usually advocate for specific products, but you SHOULD use ProtonMail for important emails that NEED to be private.

Now it’s always smart to have a couple of ‘throwaway’ email accounts for things like registering on junk websites, or signing in to read the news or favorite recipes, and such. But there are some communications that need to be private, and may contain personal information such as medical conversations, banking or shopping information. You get the idea.

Email, by its very nature, is not secure. Even with strong passwords, it’s far too easy to snoop on, phish, or stumble into someone’s email account. And this is especially true of our “daily” email accounts, where we get most of our ‘ordinary’ email communications from friends and acquaintances. Plus, if you’re receiving email on your phone, iPad, and synchronized computers at home and work, you’re leaving yourself vulnerable to account hijacks.

There’s really no way to fix this, and it’s not your email provider’s fault or anyone else’s. You want your email to be accessible whether you’re at home, at work, or on the road.

That is one reason email is fundamentally insecure: because you want it to work everywhere and go everywhere, it’s designed with the lowest common denominator in mind, so the email protocols themselves are insecure by design.

But we don’t just use email to chat and do business. We also use our email accounts as a “verification factor” for password resets and to receive intensely personal information from our banks, doctors, and so on. I don’t blame these sites for using email addresses for security: Email is the only universal account, and I much prefer emailed verification to some kind of proprietary authentication that hands over even more power to Facebook, Google, or Twitter!

Create a “Backstop” Email Account

It’s time to stop mixing communication and authentication in the same email account.

The solution is simple: Get another email account for security-related functions. You can keep using your regular email for regular communication, but redirect security and financial information to a secure account.

Many people use this principle already. It’s generally an email account with a different provider that is used solely for the purpose of verification of other accounts. That’s a REALLY smart thing to do and everyone should think about doing it.

But what if that separate account is even more secure than all your other ones? Then that creates a near-perfect means of contact that is totally private.

ProtonMail is a Great Backstop

This was my checklist for that ‘backstop email’:

  • Encrypted with serious security on the back-end
  • Support for complex passwords and two-factor authentication
  • Compatible with ordinary SMTP for incoming and outgoing mail
  • No need to synchronize with standard IMAP protocol
  • Located in a trustworthy country and legal jurisdiction, and developed by credible people
  • Cheap or free and managed (so I have less work to do)

ProtonMail checks all those boxes for me. It’s a secure email provider in Switzerland with end-to-end encryption developed by CERN researchers. Internet email is exchanged using standard protocols but is encrypted using per-user private keys for storage. ProtonMail staff can’t access the contents of a mailbox even if they wanted to, and Switzerland has very strong notification and review laws.

Access to each email account uses a second key, which is decrypted on the client side using the account password. Email can be accessed through a browser-based application or mobile application for iOS or Android. ProtonMail even supports encrypted and authenticated account-to-account communication, but this isn’t one of my requirements.

Just so you know: You cannot access ProtonMail from a regular mail client. You have to use their webmail or mobile apps. And that’s a feature, not a bug, since it means that all mail access is secure, end-to-end!

In practice, ProtonMail has worked out great for me. I can use my account as the verification email for pretty much any online service and I feel much more confident that it won’t be hacked.

Currently I only use my ProtonMail account for verification and authentication. But I am planning to set up another ProtonMail account specifically for those communications with certain people and businesses that I absolutely, positively need to be private.

Perhaps you should as well.

