If you buy something using links in our stories, we may earn a commission. Learn more.
This article was taken from the May 2015 issue of WIRED magazine. Be the first to read WIRED's articles in print before they're posted online, and get your hands on loads of additional content by subscribing online.
Email cryptography used to be the preserve of intelligence agencies. But Andy Yen, cofounder and CTO of Geneva-based encrypted email provider ProtonMail, believes that everyone has a right to private communication. Encryption is now easy to use, but an account is only as secure as its user. Here's how to avoid being the weak link in the chain.
Use an encrypted email provider
Services such as Yen's ProtonMail and Peerio include end-to-end encryption, meaning your email is scrambled on your computer. "The message is encrypted before it gets to the server," Yen explains. And because the decryption keys are never sent PC-to-PC, no one else reads it. "The only person who can is the user it's sent to," Yen says.
Watch out for fake sites
Secure sites used by email providers and banks will have SSL certification, allowing you to verify that you're connected to the right site before entering your password. "The built-in browser protection gives you one layer of security," Yen says. "Plug-ins, such as Certificate Patrol, also alert you to forged certificates."
Generate your keys
PGP (Pretty Good Privacy) is the most commonly used encryption protocol. To set this up within your browser, Yen suggests downloading the Mailvelope Chrome extension. Open the menu select options and click Generate Key. Press submit and your Mailvelope keychain will now contain a public key, which you share, and a private key, which you don't.
Set a secure password
Your password is the weakest point of your email. "It doesn't matter how many bits we use on an encryption key," Yen says. "If your password is three letters, it's going to get broken into." You should have at least 12 characters but 20 or more is ideal. Avoid obvious words, and include upper and lower case, numbers and special characters.
Watch out for keyloggers "If your computer itself is compromised, there's no encryption that can save you," Yen says. Keylogging malware is one of the biggest threats. Virtual screens can help, but "the most important thing is to keep your computer updated," Yen says. "You should regularly run an anti-virus scan -- and keep that updated as well."
This article was originally published by WIRED UK
