Security

PhilC · 12 Oct 2006, 06:27 AM

Email security for travellers

Hi,

I would like to suggest an important security item for people who use to access their email from internet cafes or other insecure computers.

This idea developed from a bad experience I had a couple of years ago; I previously used a supposedly very secure email system (Hushmail), but once while I was travelling and used to access my email in internet cafes, I found that somebody got my passphrase and accessed all my mail.
How? Very simple: the sophisticated supposedly unbreakable Hushmail system had been defeated by a tiny keylogger program. Laughable, isn't it?

So my point is that, however secure an email system is, it can be easily broken in by some small spyware program.

How to check keyloggers? I thought quite a bit about it, and a few ideas came up:

1) Many banks nowadays, after spending huge amounts of money to find a simple and efficient way to solve the spyware problem, came up with a small security device that constantly produces new passwords. Each user
needs two passwords to access his email: the first one is the one chosen by him, the second one is automatically & randomly created by the security device. I don't know how costly it is to set up such a system - it may not be possible for an email provider.

2) Many banks also came up with a similar idea, but cheaper to implement: the bank sends each user a set of 100 passwords of 4 digits each, and each password can be used only once. Again each user needs two passwords: a password chosen by him, and then a second password, which is asked like that: "please enter password No 76".

When the 100 passwords have all been used, the bank sends another 100 4 digits passwords to the user.

3) Optional virtual keyboard with RANDOMLY DISPOSED KEYS: when accessing the web site, it is possible to
a. either just enter one's password "normally", if one is confident that the computer he is using is secure
b. click somewhere on the web page to make a virtual keyboard with randomly disposed keys appear. Then one enters his password by clicking the randomly disposed keys.

For an email provider option 3) might be the easiest one to set up. I would also suggest that, once the password has been entered and the email system is opened, ANOTHER OPTIONAL VIRTUAL KEYBOARD with randomly disposed keys be available to securely type confidential information.
For example, suppose I want to send by email my credit card number to a person also using Fastmail.fm. In principle it is safe to do so if I use secure login (SSL encryption), but if there is a keylogger program on the computer, then the info can be stolen. With this system, a user could therefore type his email using the normal keyboard, but when he wants to enter his credit card number, he can use the virtual keyboard.

Thank you

mentiro · 31 Oct 2006, 04:15 AM

Good ideas - but I can't imagine any e-mail provider implementing any of these...

hadaso · 31 Oct 2006, 05:46 PM

Sending a credit card number in unencrypted email isn't safe. The fact that you access the webmail server using https doesn't mean the email is encrypted. It is sent as clear text, and the recipient might fetch the email using an unencrypted connection in an unsafe environment (internet cafe, infected PC at home etc.)

Some of the login ideas you suggested or variant of them have been suggested in the past.

Having a second password that is good only for browsing and not changing anything can be good enough for accasional use in unsafe places. being able to have several passwords each associated with a set of permissions would be better for people that regularly access email from public places. There is one place that I would like to access FastMail from but I don't since I don't think it is safe enough (tested by instaling software. If I can install then anyone else can, and the computer lab is open to the public).

ewal · 31 Oct 2006, 06:11 PM

PhilC

Good ideas. I don't think that Fastmail would be in a position to implement or even consider options 1 or 2 due to the complexity and costs involved.

Option 3, or rather a similar method, was proposed and both Rob and Jeremy indicated their interest in implementing something like this. What was proposed is to have a dual password function with users being able to enable the secondary password function (say, just before undertaking a journey) with the default login process being as it is now.

After entry of the primary (default) password, the secondary password would be entered via 3 drop down combo boxes with the user being prompted to enter selected characters from their secondary password. So, for example if the secondary password was, say, 'fastmail1' then at each time a user wants to log into their system they would click on the relevant place in their password. For example the system, via 3 drop down combo boxes the user is prompted for the 2nd, 4th and 9th characters, s/he would select a, t and 1 to gain access to their account. The placement that the system prompts would be random, so the next time, say, the 1st, 3rd and 7th characters would be prompted for.

It sounds complicated but in practice is very easy to use (and probably to implement as well). It is the system that my bank uses and if one does the maths (26 alpha plus 10 numerical chars multiplied by 3) it would be very difficult for someone with a keylogging or sreen grabbing software to be able to guess the secondary password. The Fastmail user would have to enter (via the combo boxes) their secondary password several times at the same sitting before anyone could begin to guess what the password may be.

At the request of Rob and Jeremy I sent them screen shots on how this works. I guess it is on a list of 'to-dos' somewhere.

Ed

Si1 · 1 Nov 2006, 05:42 AM

Quote:

Originally posted by ewal
For example the system, via 3 drop down combo boxes the user is prompted for the 2nd, 4th and 9th characters

This would be my preferred system. It would even be effective with a primary password. It works very well with all my Internet banking services. It's easy to implement, too.

MagicDavid · 19 Nov 2006, 12:00 PM

How about this proposal from some time back:

http://www.emaildiscussions.com/...threadid=37205

acid · 19 Nov 2006, 01:05 PM

Or as a secondary login you can use a basic picture matrix and select say....1 pic out of each of 5 rows of (animals / cars / whatever). The pictures of course being randomized within the row each time.

This could be cookie based so it doesnt have to be done every single time you login, just only after a certain time or when using another computer. Then optionally the cookie can be deleted within the interface (or automatically when secure login is chcecked).

12 Oct 2006, 06:27 AM	#1
PhilC Junior Member Join Date: Oct 2006 Posts: 1	Security Email security for travellers Hi, I would like to suggest an important security item for people who use to access their email from internet cafes or other insecure computers. This idea developed from a bad experience I had a couple of years ago; I previously used a supposedly very secure email system (Hushmail), but once while I was travelling and used to access my email in internet cafes, I found that somebody got my passphrase and accessed all my mail. How? Very simple: the sophisticated supposedly unbreakable Hushmail system had been defeated by a tiny keylogger program. Laughable, isn't it? So my point is that, however secure an email system is, it can be easily broken in by some small spyware program. How to check keyloggers? I thought quite a bit about it, and a few ideas came up: 1) Many banks nowadays, after spending huge amounts of money to find a simple and efficient way to solve the spyware problem, came up with a small security device that constantly produces new passwords. Each user needs two passwords to access his email: the first one is the one chosen by him, the second one is automatically & randomly created by the security device. I don't know how costly it is to set up such a system - it may not be possible for an email provider. 2) Many banks also came up with a similar idea, but cheaper to implement: the bank sends each user a set of 100 passwords of 4 digits each, and each password can be used only once. Again each user needs two passwords: a password chosen by him, and then a second password, which is asked like that: "please enter password No 76". When the 100 passwords have all been used, the bank sends another 100 4 digits passwords to the user. 3) Optional virtual keyboard with RANDOMLY DISPOSED KEYS: when accessing the web site, it is possible to a. either just enter one's password "normally", if one is confident that the computer he is using is secure b. click somewhere on the web page to make a virtual keyboard with randomly disposed keys appear. Then one enters his password by clicking the randomly disposed keys. For an email provider option 3) might be the easiest one to set up. I would also suggest that, once the password has been entered and the email system is opened, ANOTHER OPTIONAL VIRTUAL KEYBOARD with randomly disposed keys be available to securely type confidential information. For example, suppose I want to send by email my credit card number to a person also using Fastmail.fm. In principle it is safe to do so if I use secure login (SSL encryption), but if there is a keylogger program on the computer, then the info can be stolen. With this system, a user could therefore type his email using the normal keyboard, but when he wants to enter his credit card number, he can use the virtual keyboard. Thank you

31 Oct 2006, 04:15 AM	#2
mentiro Member Join Date: Apr 2002 Posts: 37	Good ideas - but I can't imagine any e-mail provider implementing any of these...

31 Oct 2006, 05:46 PM	#3
hadaso The "e" in e-mail Join Date: Oct 2002 Location: Holon, Israel. Posts: 4,837	Sending a credit card number in unencrypted email isn't safe. The fact that you access the webmail server using https doesn't mean the email is encrypted. It is sent as clear text, and the recipient might fetch the email using an unencrypted connection in an unsafe environment (internet cafe, infected PC at home etc.) Some of the login ideas you suggested or variant of them have been suggested in the past. Having a second password that is good only for browsing and not changing anything can be good enough for accasional use in unsafe places. being able to have several passwords each associated with a set of permissions would be better for people that regularly access email from public places. There is one place that I would like to access FastMail from but I don't since I don't think it is safe enough (tested by instaling software. If I can install then anyone else can, and the computer lab is open to the public).

31 Oct 2006, 06:11 PM	#4
ewal Master of the @ Join Date: Apr 2002 Location: West Sussex, UK Posts: 1,334	PhilC Good ideas. I don't think that Fastmail would be in a position to implement or even consider options 1 or 2 due to the complexity and costs involved. Option 3, or rather a similar method, was proposed and both Rob and Jeremy indicated their interest in implementing something like this. What was proposed is to have a dual password function with users being able to enable the secondary password function (say, just before undertaking a journey) with the default login process being as it is now. After entry of the primary (default) password, the secondary password would be entered via 3 drop down combo boxes with the user being prompted to enter selected characters from their secondary password. So, for example if the secondary password was, say, 'fastmail1' then at each time a user wants to log into their system they would click on the relevant place in their password. For example the system, via 3 drop down combo boxes the user is prompted for the 2nd, 4th and 9th characters, s/he would select a, t and 1 to gain access to their account. The placement that the system prompts would be random, so the next time, say, the 1st, 3rd and 7th characters would be prompted for. It sounds complicated but in practice is very easy to use (and probably to implement as well). It is the system that my bank uses and if one does the maths (26 alpha plus 10 numerical chars multiplied by 3) it would be very difficult for someone with a keylogging or sreen grabbing software to be able to guess the secondary password. The Fastmail user would have to enter (via the combo boxes) their secondary password several times at the same sitting before anyone could begin to guess what the password may be. At the request of Rob and Jeremy I sent them screen shots on how this works. I guess it is on a list of 'to-dos' somewhere. Ed

19 Nov 2006, 12:00 PM	#6
MagicDavid Senior Member Join Date: Aug 2005 Location: England, UK Posts: 164	How about this proposal from some time back: http://www.emaildiscussions.com/...threadid=37205

19 Nov 2006, 01:05 PM	#7
acid Member Join Date: Jun 2005 Location: USA Posts: 47	Or as a secondary login you can use a basic picture matrix and select say....1 pic out of each of 5 rows of (animals / cars / whatever). The pictures of course being randomized within the row each time. This could be cookie based so it doesnt have to be done every single time you login, just only after a certain time or when using another computer. Then optionally the cookie can be deleted within the interface (or automatically when secure login is chcecked).