Helping people with computers... one answer at a time.

When sharing a computer with others it's important to understand the level of trust you have. That dictates how much security will, and won't work.

How can I protect my email from being read by others using my computer? I use Outlook Express. I would like a password protection program. Is their any free or inexpensive programs available (and simple to use)?

Yes, but not really.

I know, that's self contradictory, but while we'll look at a technique for you to use, you're actually violating a fundamental principal that could render anything we do moot.

"If it's not physically secure, it's not secure."

That's a fundamental security principal that many people overlook or choose to ignore. If someone has physical access to your computer they could gain access to anything and everything you have.

And a shared computer, by definition, is all about shared physical access.

Now, the common response to this type of scenario is to use encryption, and indeed that's exactly the approach we'll take in a moment, but particularly in this shared computer scenario it's not really enough. If the other people using your computer are savvy and motivated enough, they could bypass what we're about to set up.

"If it's not physically secure, it's not secure."

I'll explain how after I describe the technique.

In a nutshell, I'd have you do what you would do if you were traveling with a laptop computer.

I'd create a encrypted volume using TrueCrypt, and place your email and all of you other sensitive data there. I'd only mount that volume when actually using the computer. The rest of the time it would be dismounted, and would just be so much random data to the other casual users of your computer.

The biggest issue, in my opinion, is actually Outlook Express. It's quite possible to move Outlook Express's storage location, but experience shows that it can sometimes be a little fragile to do so.

And as I alluded do, this is a fine time to start using that encrypted volume for more than just your email: use it as a place to keep anything you might not want others to have access to.

OK, so here's why it won't work.

I'll admit that I'm purposely overstating that just a little. To be fair, if the folks using your computer are trustworthy, then what we've just put into place will work, and will work quite nicely.

But it falls into the category of "keeping honest people honest. I mean, really, if they were truly trustworthy why did we have to do it in the first place?

Here's your worst case scenario that renders everything we've done completely pointless: one of your computer's other users intentionally installs spyware - a keystroke logger specifically - and captures the passphrase you use to secure your encrypted volume. And, while they're at it, they use or get administrative access to the machine to bypass any Windows-level security you might have placed on your account or the encrypted file.

They have the file, and they have the passphrase. They have your email - and whatever else you might have placed there.

There's simply no scenario on a shared computer to actually guarantee that your information is secure. The mere act of sharing a computer implies - no, requires - a level of trust. If that trust isn't there, then to put it bluntly, you shouldn't be sharing that computer.

"If it's not physically secure, it's not secure."

Article C3406 - June 4, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

12 Comments
Rahul
June 4, 2008 1:46 PM

How 'bout keeping the emails on a USB drive (key or other portable), duly true-crypted?

Ziggie
June 5, 2008 7:19 AM

Another solution would be to use a webmail app. The emails would be locked behind a password on a remote server.

It doesn't solve the keylogger problem, but then, very little does.

Ken B
June 5, 2008 7:40 AM

While a USB drive would allow you to physically remove the data when you're not using the computer, nothing prevents spyware from reading the data off the USB drive while it's plugged in.

As Leo said: "If it's not physically secure, it's not secure."

Glenn P.
June 10, 2008 11:16 AM

Ah, yes -- but what is *theoretically* possible and what is *practically* possible can (and very frequently are!) two extremely different things. The person who *I* share our computer with, is my 70-year-old mother, who wouldn't know a "keylogger" from a chance string of random characters. She is also computer-inept -- she asks me (on a regular basis!) "Glenn, how do I get on Google?" Folks, confronted with this level of computer (in)expertise, encryption is actually overkill. I could probably do just as well burying my private data in multiple obscure subfolders, and it would be just as secure, at least from my Mom. For me, encryption does VERY nicely for keeping private things Private -- I mainly use it as a precaution, in case Someone Else -- online, or breaking into our home -- should try to access my files. I use Cryptext v3.4 (by Nick Pane), PC-Encrypt v10.2 (by PC-Encrypt.COM), and WinZip v11.2 (by WinZip.COM) for my main encryption needs, and the occasional sundry "Other Program" (e.g., Abi-Coder v3.6.1.4 (by AbiSoft.NET)) for special needs. They all work very well! :)

David
June 10, 2008 3:48 PM

Truecrypt is great, I've used it for years and highly recommend it. You could also install a keylogger yourself just to see if anyone on YOUR computer is even trying to ummm go where they're not supposed to....lol

C
June 10, 2008 5:05 PM

I have Outlook Express, and I can have different identities and password protect each one.

ben
June 11, 2008 12:08 AM

if you use Outlook express there is a solution. All you have to do is create a new identity on Outlook express and then password protect it. this is not extreemeley secure but it will work for home use!
in outlook express click 0n File, Identities, Manage identities. then click new. On the options for the identities you can check the box "require a password"
I hope this is helpful, for further questions contact me at revengeofthesquirrels@gmail.com

Fil
June 16, 2008 3:31 PM

I am running OE6 on XP Pro. I can 'see' old dbx files on a backup drive using Windows Explorer. On going through the normal import messages routine (I've done it many times in the past), OE cannot find the .dbx file I want to import. It is definitely there, I can see it in WE, OE6 can't seeit!

Thanks Fil

Jim Estes
June 20, 2008 6:37 AM

Thanks Leo and all respondents to my question. It appears that encryption is the most widely recommended solution. Appreciate your comments and help. Jim

latoya
December 28, 2008 12:59 PM

how can i protect my email to be read by other people using their computer?

Jeffery
March 3, 2009 6:02 PM

Leo,

I have a similar problem and I am just looking for something that will work for me and my company. All of us in the office use GMAIL which has great security features. However we would like to take the extra step to insure that we are really protected. Reason being is because we from time to time have to send things across the internet like company taxes and we only want these to be able to be viewed by who it was sent too. So currently I am scanning the documents to adobe and password protecting the documents then emailing them. Is there a way to just encrypt it using GMAIL by downloading some kind of software?
Thanks,
Jeffery

Password protecting scares me, because application vendors have a history of getting it wrong, and the password being easily cracked. I'd, instead, encrypt using a standalong tool, and send the encrypted file. This article has more: How do I encrypt email?
- Leo
04-Mar-2009

Omaejalile Destiny
May 28, 2010 1:23 AM

My online friends told me they saw me online in the night and i don't browse in the night. it means somesone is using my email because we are using a general computer in the office.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.