Summary: When sharing a computer with others it's important to understand the level of trust you have. That dictates how much security will, and won't work.
How can I protect my email from being read by others using my computer? I use Outlook Express. I would like a password protection program. Is their any free or inexpensive programs available (and simple to use)?
•
Yes, but not really.
I know, that's self contradictory, but while we'll look at a technique for you to use, you're actually violating a fundamental principal that could render anything we do moot.
•
"If it's not physically secure, it's not secure."
That's a fundamental security principal that many people overlook or choose to ignore. If someone has physical access to your computer they could gain access to anything and everything you have.
And a shared computer, by definition, is all about shared physical access.
Now, the common response to this type of scenario is to use encryption, and indeed that's exactly the approach we'll take in a moment, but particularly in this shared computer scenario it's not really enough. If the other people using your computer are savvy and motivated enough, they could bypass what we're about to set up.
I'll explain how after I describe the technique.
•
In a nutshell, I'd have you do what you would do if you were traveling with a laptop computer.
I'd create a encrypted volume using TrueCrypt, and place your email and all of you other sensitive data there. I'd only mount that volume when actually using the computer. The rest of the time it would be dismounted, and would just be so much random data to the other casual users of your computer.
The biggest issue, in my opinion, is actually Outlook Express. It's quite possible to move Outlook Express's storage location, but experience shows that it can sometimes be a little fragile to do so.
And as I alluded do, this is a fine time to start using that encrypted volume for more than just your email: use it as a place to keep anything you might not want others to have access to.
•
OK, so here's why it won't work.
I'll admit that I'm purposely overstating that just a little. To be fair, if the folks using your computer are trustworthy, then what we've just put into place will work, and will work quite nicely.
But it falls into the category of "keeping honest people honest. I mean, really, if they were truly trustworthy why did we have to do it in the first place?
Here's your worst case scenario that renders everything we've done completely pointless: one of your computer's other users intentionally installs spyware - a keystroke logger specifically - and captures the passphrase you use to secure your encrypted volume. And, while they're at it, they use or get administrative access to the machine to bypass any Windows-level security you might have placed on your account or the encrypted file.
They have the file, and they have the passphrase. They have your email - and whatever else you might have placed there.
There's simply no scenario on a shared computer to actually guarantee that your information is secure. The mere act of sharing a computer implies - no, requires - a level of trust. If that trust isn't there, then to put it bluntly, you shouldn't be sharing that computer.
"If it's not physically secure, it's not secure."
Related:
-
Ask Leo! - How do I keep my information on a shared computer private?
-
Ask Leo! - How can I keep data on my laptop secure?
-
Ask Leo! - I've lost the password to my Windows Administrator account, how do I get it back?
Article C3406 - June 4, 2008
Another solution would be to use a webmail app. The emails would be locked behind a password on a remote server.
It doesn't solve the keylogger problem, but then, very little does.
Posted by: Ziggie at June 5, 2008 7:19 AMWhile a USB drive would allow you to physically remove the data when you're not using the computer, nothing prevents spyware from reading the data off the USB drive while it's plugged in.
As Leo said: "If it's not physically secure, it's not secure."
Posted by: Ken B at June 5, 2008 7:40 AMAh, yes -- but what is *theoretically* possible and what is *practically* possible can (and very frequently are!) two extremely different things. The person who *I* share our computer with, is my 70-year-old mother, who wouldn't know a "keylogger" from a chance string of random characters. She is also computer-inept -- she asks me (on a regular basis!) "Glenn, how do I get on Google?" Folks, confronted with this level of computer (in)expertise, encryption is actually overkill. I could probably do just as well burying my private data in multiple obscure subfolders, and it would be just as secure, at least from my Mom. For me, encryption does VERY nicely for keeping private things Private -- I mainly use it as a precaution, in case Someone Else -- online, or breaking into our home -- should try to access my files. I use Cryptext v3.4 (by Nick Pane), PC-Encrypt v10.2 (by PC-Encrypt.COM), and WinZip v11.2 (by WinZip.COM) for my main encryption needs, and the occasional sundry "Other Program" (e.g., Abi-Coder v3.6.1.4 (by AbiSoft.NET)) for special needs. They all work very well! :)
Posted by: Glenn P. at June 10, 2008 11:16 AMTruecrypt is great, I've used it for years and highly recommend it. You could also install a keylogger yourself just to see if anyone on YOUR computer is even trying to ummm go where they're not supposed to....lol
Posted by: David at June 10, 2008 3:48 PMI have Outlook Express, and I can have different identities and password protect each one.
Posted by: C at June 10, 2008 5:05 PMif you use Outlook express there is a solution. All you have to do is create a new identity on Outlook express and then password protect it. this is not extreemeley secure but it will work for home use!
Posted by: ben at June 11, 2008 12:08 AMin outlook express click 0n File, Identities, Manage identities. then click new. On the options for the identities you can check the box "require a password"
I hope this is helpful, for further questions contact me at revengeofthesquirrels@gmail.com
I am running OE6 on XP Pro. I can 'see' old dbx files on a backup drive using Windows Explorer. On going through the normal import messages routine (I've done it many times in the past), OE cannot find the .dbx file I want to import. It is definitely there, I can see it in WE, OE6 can't seeit!
Thanks Fil
Posted by: Fil at June 16, 2008 3:31 PMThanks Leo and all respondents to my question. It appears that encryption is the most widely recommended solution. Appreciate your comments and help. Jim
Posted by: Jim Estes at June 20, 2008 6:37 AMhow can i protect my email to be read by other people using their computer?
Posted by: latoya at December 28, 2008 12:59 PMLeo,
I have a similar problem and I am just looking for something that will work for me and my company. All of us in the office use GMAIL which has great security features. However we would like to take the extra step to insure that we are really protected. Reason being is because we from time to time have to send things across the internet like company taxes and we only want these to be able to be viewed by who it was sent too. So currently I am scanning the documents to adobe and password protecting the documents then emailing them. Is there a way to just encrypt it using GMAIL by downloading some kind of software?
Thanks,
Jeffery
04-Mar-2009