Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How can I protect my email from being read by others using my computer?

Question:

How can I protect my email from being read by others using my
computer? I use Outlook Express. I would like a password protection
program. Is their any free or inexpensive programs available (and
simple to use)?

Yes, but not really.

I know, that’s self contradictory, but while we’ll look at a technique
for you to use, you’re actually violating a fundamental principal that
could render anything we do moot.

Become a Patron of Ask Leo! and go ad-free!

“If it’s not physically secure, it’s not secure.”

That’s a fundamental security principal that many people overlook or
choose to ignore. If someone has physical access to your computer they
could gain access to anything and everything you have.

And a shared computer, by definition, is all about shared physical
access.

Now, the common response to this type of scenario is to use
encryption, and indeed that’s exactly the approach we’ll take in a
moment, but particularly in this shared computer scenario it’s not
really enough. If the other people using your computer are savvy and
motivated enough, they could bypass what we’re about to set up.

“If it’s not physically secure, it’s not secure.”

I’ll explain how after I describe the technique.

In a nutshell, I’d have you do what you would do if you were
traveling with
a laptop computer
.

I’d create a encrypted volume using TrueCrypt, and place your email and all of you other
sensitive data there. I’d only mount that volume when actually using
the computer. The rest of the time it would be dismounted, and would
just be so much random data to the other casual users of your
computer.

The biggest issue, in my opinion, is actually Outlook Express. It’s
quite possible to move Outlook Express’s storage location, but
experience shows that it can sometimes be a little fragile to do
so.

And as I alluded do, this is a fine time to start using that
encrypted volume for more than just your email: use it as a place to
keep anything you might not want others to have access to.

OK, so here’s why it won’t work.

I’ll admit that I’m purposely overstating that just a little. To be
fair, if the folks using your computer are trustworthy, then what we’ve
just put into place will work, and will work quite nicely.

But it falls into the category of “keeping honest people honest. I
mean, really, if they were truly trustworthy why did we have to do it
in the first place?

Here’s your worst case scenario that renders everything we’ve done
completely pointless: one of your computer’s other users intentionally
installs spyware – a keystroke logger specifically – and captures the
passphrase you use to secure your encrypted volume. And, while they’re
at it, they use or get administrative access to the machine to bypass
any Windows-level security you might have placed on your account or the
encrypted file.

They have the file, and they have the passphrase. They have your
email – and whatever else you might have placed there.

There’s simply no scenario on a shared computer to actually
guarantee that your information is secure. The mere act of sharing a
computer implies – no, requires – a level of trust. If that trust isn’t
there, then to put it bluntly, you shouldn’t be sharing that
computer.

“If it’s not physically secure, it’s not secure.”

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

12 comments on “How can I protect my email from being read by others using my computer?”

  1. Another solution would be to use a webmail app. The emails would be locked behind a password on a remote server.

    It doesn’t solve the keylogger problem, but then, very little does.

    Reply
  2. While a USB drive would allow you to physically remove the data when you’re not using the computer, nothing prevents spyware from reading the data off the USB drive while it’s plugged in.

    As Leo said: “If it’s not physically secure, it’s not secure.”

    Reply
  3. Ah, yes — but what is *theoretically* possible and what is *practically* possible can (and very frequently are!) two extremely different things. The person who *I* share our computer with, is my 70-year-old mother, who wouldn’t know a “keylogger” from a chance string of random characters. She is also computer-inept — she asks me (on a regular basis!) “Glenn, how do I get on Google?” Folks, confronted with this level of computer (in)expertise, encryption is actually overkill. I could probably do just as well burying my private data in multiple obscure subfolders, and it would be just as secure, at least from my Mom. For me, encryption does VERY nicely for keeping private things Private — I mainly use it as a precaution, in case Someone Else — online, or breaking into our home — should try to access my files. I use Cryptext v3.4 (by Nick Pane), PC-Encrypt v10.2 (by PC-Encrypt.COM), and WinZip v11.2 (by WinZip.COM) for my main encryption needs, and the occasional sundry “Other Program” (e.g., Abi-Coder v3.6.1.4 (by AbiSoft.NET)) for special needs. They all work very well! :)

    Reply
  4. Truecrypt is great, I’ve used it for years and highly recommend it. You could also install a keylogger yourself just to see if anyone on YOUR computer is even trying to ummm go where they’re not supposed to….lol

    Reply
  5. if you use Outlook express there is a solution. All you have to do is create a new identity on Outlook express and then password protect it. this is not extreemeley secure but it will work for home use!
    in outlook express click 0n File, Identities, Manage identities. then click new. On the options for the identities you can check the box “require a password”
    I hope this is helpful, for further questions contact me at revengeofthesquirrels@gmail.com

    Reply
  6. I am running OE6 on XP Pro. I can ‘see’ old dbx files on a backup drive using Windows Explorer. On going through the normal import messages routine (I’ve done it many times in the past), OE cannot find the .dbx file I want to import. It is definitely there, I can see it in WE, OE6 can’t seeit!

    Thanks Fil

    Reply
  7. Leo,

    I have a similar problem and I am just looking for something that will work for me and my company. All of us in the office use GMAIL which has great security features. However we would like to take the extra step to insure that we are really protected. Reason being is because we from time to time have to send things across the internet like company taxes and we only want these to be able to be viewed by who it was sent too. So currently I am scanning the documents to adobe and password protecting the documents then emailing them. Is there a way to just encrypt it using GMAIL by downloading some kind of software?
    Thanks,
    Jeffery

    Password protecting scares me, because application vendors have a history of getting it wrong, and the password being easily cracked. I’d, instead, encrypt using a standalong tool, and send the encrypted file. This article has more: How do I encrypt email?

    – Leo
    04-Mar-2009
    Reply
  8. My online friends told me they saw me online in the night and i don’t browse in the night. it means somesone is using my email because we are using a general computer in the office.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.