Outlook Express IMAP setup

benjie · 15 May 2009, 12:16 PM

Is the log in Username and Password sent in clear text when logging on to Gmail from Outlook Express? I'm asking because during the setup you have to leave "Log on using Secure Password Authentication" unchecked.

**CyberSmurf** · 15 May 2009, 04:59 PM

I'm not an expert, but I think that since you are using an SSL connection, your username and the password are encrypted.
http://en.wikipedia.org/wiki/Transport_Layer_Security

**ReuvenNY** · 15 May 2009, 08:47 PM

Thunderbird, a competing email client from Mozilla, does it automatically for you. Just indicate you are creating a Gmail account.

benjie · 16 May 2009, 12:22 AM

On the email client side the SSL is set up only for sending and receiving emails. It doesn't seem to have any encryption for Logging on.

**CyberSmurf** · 17 May 2009, 12:27 AM

Are you sure about that?

As far as I know, SSL encrypts all transmissions. That includes usernames and passwords. I've searched and can't find anything to the contrary.

Quote:

Secure Socket Layer (SSL) refers to the standard method for encryption and authentication on the Internet. [provider name] supports encrypted password connections for email clients. This added security provides you with protection against having your password stolen on an insecure connection.

Quote:

Currently when checking email your computer sends your username and password in clear text, which means that a person could intercept your password and use it for nefarious purposes. The first step to eliminate this security issue occurred several years ago, when Information Services enabled a feature (SSL) that encrypts your password. (Technically, it encrypts the entire POP or IMAP session.)

As far as I know, SPA (NTLM) is just another protocol. Leaving it unchecked does not inhibit password encryption in SSL.

Quote:

Microsoft's Exchange server provides an NTLM authentication mechanism for the POP3 protocol. This is a proprietary extension used with the POP3 AUTH command as documented in RFC 1734. On the client side, this mechanism is supported by Outlook and Outlook Express, and is called "Secure Password Authentication".

**CyberSmurf** · 17 May 2009, 12:43 AM

Quote:

Microsoft's Exchange server provides ... a proprietary extension ... supported by Outlook and Outlook Express, ... called "Secure Password Authentication".

"proprietary". I guess that's why the option doesn't appear in my other e-mail clients.

**CyberSmurf** · 17 May 2009, 01:48 AM

Quote:

Thunderbird supports GSSAPI, Kerberos, CRAM_MD5, DIGEST-MD5, NTLM, and APOP. NTLM is also called Secure Password Authentication (SPA) or Windows Integrated Login.

http://kb.mozillazine.org/Connection_errors_-_POP3

popowich · 30 May 2009, 03:17 AM

SSL is always encrypted. TLS starts unencrypted.

A hashed form of your username/password is used when authenticating over TLS.

-Raymond

15 May 2009, 12:16 PM	#1
benjie Junior Member Join Date: May 2009 Posts: 2	Outlook Express IMAP setup Is the log in Username and Password sent in clear text when logging on to Gmail from Outlook Express? I'm asking because during the setup you have to leave "Log on using Secure Password Authentication" unchecked.

15 May 2009, 04:59 PM	#2
CyberSmurf Moderator Join Date: Nov 2001 Location: British Columbia Posts: 4,008	I'm not an expert, but I think that since you are using an SSL connection, your username and the password are encrypted. http://en.wikipedia.org/wiki/Transport_Layer_Security

15 May 2009, 08:47 PM	#3
ReuvenNY Moderator Join Date: Mar 2002 Location: New York Posts: 4,259	Thunderbird, a competing email client from Mozilla, does it automatically for you. Just indicate you are creating a Gmail account.

16 May 2009, 12:22 AM	#4
benjie Junior Member Join Date: May 2009 Posts: 2	On the email client side the SSL is set up only for sending and receiving emails. It doesn't seem to have any encryption for Logging on.

30 May 2009, 03:17 AM	#8
popowich Essential Contributor Join Date: May 2009 Posts: 263 Representative of: EmailQuestions.com	SSL is always encrypted. TLS starts unencrypted. A hashed form of your username/password is used when authenticating over TLS. -Raymond