How can I protect my email from being read by others using my
computer? I use Outlook Express. I would like a password protection
program. Is their any free or inexpensive programs available (and
simple to use)?
Yes, but not really.
I know, that’s self contradictory, but while we’ll look at a technique
for you to use, you’re actually violating a fundamental principal that
could render anything we do moot.
Become a Patron of Ask Leo! and go ad-free!
“If it’s not physically secure, it’s not secure.”
That’s a fundamental security principal that many people overlook or
choose to ignore. If someone has physical access to your computer they
could gain access to anything and everything you have.
And a shared computer, by definition, is all about shared physical
access.
Now, the common response to this type of scenario is to use
encryption, and indeed that’s exactly the approach we’ll take in a
moment, but particularly in this shared computer scenario it’s not
really enough. If the other people using your computer are savvy and
motivated enough, they could bypass what we’re about to set up.
I’ll explain how after I describe the technique.
•
In a nutshell, I’d have you do what you would do if you were
traveling with
a laptop computer.
I’d create a encrypted volume using TrueCrypt, and place your email and all of you other
sensitive data there. I’d only mount that volume when actually using
the computer. The rest of the time it would be dismounted, and would
just be so much random data to the other casual users of your
computer.
The biggest issue, in my opinion, is actually Outlook Express. It’s
quite possible to move Outlook Express’s storage location, but
experience shows that it can sometimes be a little fragile to do
so.
And as I alluded do, this is a fine time to start using that
encrypted volume for more than just your email: use it as a place to
keep anything you might not want others to have access to.
•
OK, so here’s why it won’t work.
I’ll admit that I’m purposely overstating that just a little. To be
fair, if the folks using your computer are trustworthy, then what we’ve
just put into place will work, and will work quite nicely.
But it falls into the category of “keeping honest people honest. I
mean, really, if they were truly trustworthy why did we have to do it
in the first place?
Here’s your worst case scenario that renders everything we’ve done
completely pointless: one of your computer’s other users intentionally
installs spyware – a keystroke logger specifically – and captures the
passphrase you use to secure your encrypted volume. And, while they’re
at it, they use or get administrative access to the machine to bypass
any Windows-level security you might have placed on your account or the
encrypted file.
They have the file, and they have the passphrase. They have your
email – and whatever else you might have placed there.
There’s simply no scenario on a shared computer to actually
guarantee that your information is secure. The mere act of sharing a
computer implies – no, requires – a level of trust. If that trust isn’t
there, then to put it bluntly, you shouldn’t be sharing that
computer.
“If it’s not physically secure, it’s not secure.”
How ’bout keeping the emails on a USB drive (key or other portable), duly true-crypted?
Another solution would be to use a webmail app. The emails would be locked behind a password on a remote server.
It doesn’t solve the keylogger problem, but then, very little does.
While a USB drive would allow you to physically remove the data when you’re not using the computer, nothing prevents spyware from reading the data off the USB drive while it’s plugged in.
As Leo said: “If it’s not physically secure, it’s not secure.”
Ah, yes — but what is *theoretically* possible and what is *practically* possible can (and very frequently are!) two extremely different things. The person who *I* share our computer with, is my 70-year-old mother, who wouldn’t know a “keylogger” from a chance string of random characters. She is also computer-inept — she asks me (on a regular basis!) “Glenn, how do I get on Google?” Folks, confronted with this level of computer (in)expertise, encryption is actually overkill. I could probably do just as well burying my private data in multiple obscure subfolders, and it would be just as secure, at least from my Mom. For me, encryption does VERY nicely for keeping private things Private — I mainly use it as a precaution, in case Someone Else — online, or breaking into our home — should try to access my files. I use Cryptext v3.4 (by Nick Pane), PC-Encrypt v10.2 (by PC-Encrypt.COM), and WinZip v11.2 (by WinZip.COM) for my main encryption needs, and the occasional sundry “Other Program” (e.g., Abi-Coder v3.6.1.4 (by AbiSoft.NET)) for special needs. They all work very well! :)
Truecrypt is great, I’ve used it for years and highly recommend it. You could also install a keylogger yourself just to see if anyone on YOUR computer is even trying to ummm go where they’re not supposed to….lol
I have Outlook Express, and I can have different identities and password protect each one.
if you use Outlook express there is a solution. All you have to do is create a new identity on Outlook express and then password protect it. this is not extreemeley secure but it will work for home use!
in outlook express click 0n File, Identities, Manage identities. then click new. On the options for the identities you can check the box “require a password”
I hope this is helpful, for further questions contact me at revengeofthesquirrels@gmail.com
I am running OE6 on XP Pro. I can ‘see’ old dbx files on a backup drive using Windows Explorer. On going through the normal import messages routine (I’ve done it many times in the past), OE cannot find the .dbx file I want to import. It is definitely there, I can see it in WE, OE6 can’t seeit!
Thanks Fil
Thanks Leo and all respondents to my question. It appears that encryption is the most widely recommended solution. Appreciate your comments and help. Jim
how can i protect my email to be read by other people using their computer?
Leo,
I have a similar problem and I am just looking for something that will work for me and my company. All of us in the office use GMAIL which has great security features. However we would like to take the extra step to insure that we are really protected. Reason being is because we from time to time have to send things across the internet like company taxes and we only want these to be able to be viewed by who it was sent too. So currently I am scanning the documents to adobe and password protecting the documents then emailing them. Is there a way to just encrypt it using GMAIL by downloading some kind of software?
Thanks,
Jeffery
04-Mar-2009
My online friends told me they saw me online in the night and i don’t browse in the night. it means somesone is using my email because we are using a general computer in the office.