Email is one of the most sensitive parts of our online identity. All our accounts–Amazon, PayPal, Facebook, etc–are linked to our email address. This makes email a prime target for hackers. We asked Matthias Pfau, founder of the secure mail service Tutanota, what email providers and users must do to protect their email accounts. According to him, it might be time to leave Gmail and Yahoo behind.
Q: Email is one of the most important online tools. Everybody has an email account, and most of us have some information stored in our emails that we don’t want others to see. How is it possible that massive password hacks such as the Yahoo hack can take place?
A:The main problem are email providers. Many providers don’t secure their users’ passwords as well as they should. The Yahoo hack is unfortunately a very good example. In 2013 and 2014, malicious attackers gained access to 3 billion Yahoo passwords, and the company did not even alert its users.
That’s why security-focused email services such as Tutanota are gaining momentum. We understand that we as developers have to make sure that password hacks are impossible. Email services should never have access to their users’ passwords. The reason is simple: If we don’t have access to the password, malicious attackers can’t steal the password from us. With the right security setup, it is not necessary to actually store the plain password on the server to log people into their mailboxes. It is enough to store a hash–a piece of code that unlocks the right mailbox–that cannot be calculated back into the password. Anyone stealing the hash would end up empty-handed. Most email services also allow their users to sign up with weak passwords that can easily be cracked with brute-force attacks. The average user does not want to think about security and how to achieve it. The email service needs to take care of that for them, and that’s what we at Tutanota already do.
Q: At Tutanota you not only have no access to users’ passwords, but also no access to the content of the users’ mailboxes. All the data is encrypted. Why do you think it is important to encrypt all emails?
A: Email security is inherently broken. Due to the open design of email, it is hugely successful. Anybody can email anybody, no matter where the emails are hosted. It is a very easy tool to contact anybody in the world. However, the open design makes it virtually impossible to adequately secure emails.
As a basis all emails should be protected with SSL encryption. Any email service should have very good SSL ratings, for example on SSLLabs or on Securityheaders.io. Without SSL anybody can copy and read all your emails. Not just the Secret Service, but any malicious attacker who can copy the entirety of a person’s email traffic. Then they scan the data for words like “credit card”. It really is that easy.
However, for adequate email security, we need end-to-end encryption because SSL encryption only builds a tunnel through which the emails are sent. Unfortunately, encryption standards like PGP or S/MIME are too complicated for many, so they never became very popular. That’s why we at Tutanota have decided to rebuild email from scratch, including automatic end-to-end encryption. With Tutanota’s built-in encryption you can be absolutely sure that no one but the intended recipient can read your emails. Only you and the recipient have access to the key to open the email. Mainstream email providers such as Gmail and Yahoo do not have automatic end-to-end encryption.
Q: Basically, what you are saying is that email services need to protect their users’ email accounts much better than most of them do. However, whenever news breaks about password hacks, users are told that they have to correctly secure their accounts. Is there nothing a user can do?
A: Actually, there’s a lot. But what I wanted to point out is that it’s also our responsibility as developers. We have to build an email service that can be used and secured easily–a service that does the security for the user.
When this is done, there are some easy steps users can and should take to secure their online accounts:
- Create strong passwords. Don’t sign up with passwords such as “123456”. “123456” is the most common password being used at the moment. This needs to stop because people don’t even need brute force to figure out such a password. Anybody can guess it–your neighbor, your employer–and then read all your emails.
- Enable 2FA. The best option for two-factor authentication is U2F, which is a physical device needed to log you into your account. Two-factor authentication protects your email account even in a Yahoo-like scenario where attackers steal all users’ passwords.
- Be careful when using a public PC. Always log out and never store your login details in the browser.
- Protect your email address. Don’t publish your email address in blog comments or on social media.
- Use aliases. Alias email addresses are very handy if you want to keep your main email address hidden. Use aliases for signing up for newsletters, etc. If this email address is abused by spammers, you can easily delete it without having to switch your main email address.
- Beware of phishing. Most of the time phishing emails are easy to spot. They always ask you to click on a link and enter your login details. Never do this.
- Use encryption. Encrypt messages containing sensitive info before sending.
- Choose the right service. All seven steps mentioned here are useless if your email provider does not make sure that your email account is set up in a secure way. I am biased on this one, but I recommend Tutanota.