Email security – Why encryption is essential for secure email
In the recent past we’ve seen some truly astounding instances of email security breaches – both in terms of scale and consequence. Yahoo alone lost 3 billion user records. The hacking of John Podesta’s email account may have swung the US election.
What’s remarkable here is how easy some of these hacks are to pull off – in Podesta’s case, it just took one email that looked like it was from Google recommending a password reset, but was actually sent by a hacker. In terms of difficulty, this isn’t something that only state-sponsored hacking outfits can pull off – any bored sophomore with a computer science background can do this over a weekend.
Given that people tend to use similar passwords across various email and social media accounts, once an attacker has a single password, the potential for misuse and damage is immense. And two-factor authentication doesn’t really solve the problem: once someone has access to an email account, they can read all past emails, since they are in plain text.
Major email providers are reluctant to encrypt emails on their servers since their business models are premised on being able to scan users’ emails and deliver targeted ads. If emails were encrypted, providers would not be able to do this since the emails wouldn’t be in plain text. Hence they haven’t taken the lead in designing or deploying solutions that offer end-to-end encryption, even though this is already available in popular chat apps such as WhatsApp.
The way end-to-end encryption works is that the email is encrypted on the sender’s device and decrypted on the recipient’s device. At no point in the middle is the encrypted email readable, not even on your email provider’s web interface. This means that even if an intruder gets access to a user’s inbox, it still doesn’t undermine email security since encrypted email is unreadable and looks like garbled text.
Canary offers two distinct methods of email encryption to secure email. The first is SecureSend, an auto method, where the email encryption is handled automatically – users do not need to worry about the key exchange needed to secure mail. Alternatively, advanced PGP users can choose to manage keys manually and use their existing PGP keys generated via tools such as GPGTools, Symantec Email Encryption, Posteo, etc.
The best part? You no longer have to compromise on design, features, or performance to get cutting-edge email encryption. We’ve designed Canary to help you effortlessly deal with today’s email volumes, via your favorite email provider (IMAP), and to do so securely.