Posts tagged Hotmail
How to easily encrypt email, Gmail, Hotmail, Outlook, Yahoo; Virtru is free, protects your digital privacy, and is so super easy to use that even your non-techie grandma could and should use it.
I believe privacy is a fundamental right, so what better way to celebrate Data Privacy Day than to show you how to encrypt email easily and keep those emails both private and secure?
Meet Virtru, an email security app that encrypts your email before it leaves your device; it includes fine-grained privacy controls so only you and the person to whom you sent the email can access it…meaning government snoops, third parties, advertisers, ISPs and even cybercrooks can’t access your email messages. Thanks to Virtru’s Chrome and Firefox browser extensions, you can keep your Gmail, Outlook or Yahoo email accounts and still have secure and private email. And you can protect your digital privacy for the low, low price of FREE! Virtru is so super easy to use that even your non-techie grandma could and should use it.
Before we jump to the how-to, let me introduce the founders of Virtru: brothers Will and John Ackerly. When Will worked at the NSA as a cloud security architect, he invented the Trusted Data Format (TDF) that Virtru, and intelligence agencies, use. “After serving eight years at the NSA, he came away from the experience entirely convinced that users need to take action to preserve their own privacy.” John, who served as associate director of the National Economic Council and director of the Office of Policy and Strategic Planning at the Commerce Department under President George W. Bush, said of Virtru, “The fundamental motivator here is…the need to give individuals practical tools to exercise their fundamental right to privacy.”
How to encrypt email with Virtru
For webmail, Virtru currently offers a Chrome extension and Firefox add-on to encrypt Gmail, Outlook, Hotmail or Yahoo. There’s also a mobile app for Apple, with the Android app, as well as plugins for Outlook and Mac Mail programs, and extensions for Internet Explorer versions 10 and up, and Safari coming in the future. Although I’ve tested both Chrome and Firefox add-ons for Gmail, Hotmail and Yahoo, the following examples are primarily screenshot captures from Gmail and Hotmail. Email addresses have been redacted.
First, go get the add-on for Firefox and/or Chrome. After it is installed in your browser, simply click to activate Virtru for your webmail.
Virtru app permissions in Outlook:
Virtru app permissions in Outlook
Virtru in Outlook first look:
Virtru in Outlook first look
Virtru activate message if you send encrypted Gmail to a person not using Virtru:
Virtru activate message if you send Gmail to person not using Virtru
Virtru security bar
Virtru security bar new in Hotmail, Gmail, Outlook, YahooYou will then receive a message notifying you about the Virtru security bar.
You can easily turn Virtru on and off. If it’s grayed-out, then it’s off. It’s blue when you turn on Virtru protection.
Easily turn Virtru security bar off and on
When Virtru is on in Outlook, Hotmail, Gmail or Yahoo, your “send” button Example of Virtru send secure buttonbecomes a “send secure” button as seen in this Outlook example.
Drafts on Yahoo are not encrypted by Virtru
As a side note of caution regarding the cloud, if you use Yahoo, then know that Yahoo drafts are not currently encrypted by Virtru. Try to avoid such drafts; it’s fodder for the mass surveillance powers-that-be if you’ve become a target.
Every email protected by Virtru is secured with the most Advanced Encryption Standard available, AES-256. The Virtru software, either installed via browser add-on or mobile app, encrypts your email before it leaves your device. When you hit send, Virtru protects the encryption keys with perfect forward secrecy. Only you and the person to whom you sent the email can access the content.
The TDF format controls access privileges for “all file types (ie, emails, text messages, Office files, pdfs, photos, videos).” When you send a Virtru-protected email, “your content is encrypted and secured inside a TDF wrapper. When your receiver attempts to open it, the wrapper communicates with the Virtru server to verify that the receiver is eligible to see the information.”
When you have installed Virtru and you receive an encrypted email, the decryption happens quickly when you open it.
Virtru decrypting email
Disable forwarding and set email expiration date
On the right-side of the Virtru security bar, you have options to disable email forwarding and to set up an expiration date for how long your recipient has access to your sent email.
Virtru disable email forwarding; set email expiration time
If you disable email forwarding, then if Alice sent email to Bob, and Bob forwarded Alice’s email to Mallory, Mallory would not be able to open it. Regarding The Register’s claim that a person can defeat Virtru by copying and pasting from the email, the fix for that is coming.
“On the copy/paste front, we have a technical solution, but we haven’t yet rolled it out,” Will told me. “Our main focus is on protecting the emails as they go from sender to recipient, as well as when stored on servers and your devices, but use after decryption isn’t our first ‘privacy’ concern.”
Revoke or reauthorize email messages
Virtru “thinks everyone deserves real privacy and control over their data, even after hitting the send button,” so sent email comes with an option to revoke access.The red hand icon allows you to revoke email; this is especially handy if you sent an unwise, angry email in haste.
Virtru revoke message
Below is what the recipient sees if you revoke access to a sent email:
Virtru revoked access message
Virtru, reauthorize revoked email
If you change your mind again, such as if the revoke access was due to a lover’s spat, then you click on the blue eye to reauthorize your recipient’s access to your sent email.
Virtru Secure Reader
If you want to send Virtru encrypted email to a person at work, who maybe does not have the admin rights to install browser add-ons, no problem. Virtru also has a web-based Secure Reader.
Virtru redirects to you have secure mail via browser add-on or install nothing and use web-based reader
When you send your first email to a person not using Virtru, if they choose the Virtru Secure Reader option, then they will be asked to verify their identity; this insures that only the recipient you intended can open the email. By using OpenID and OAuth protocols, the recipient does not need to setup a new account or yet another password. Instead, they can verify their identity via their existing Gmail, Microsoft or Yahoo email provider.
Virtru Secure Reader, verify your identity to use service where you received secure Virtru email
If your recipient forwards an email that you protected with “disable forwarding,” this is what the non-authorized person sees via Virtru Secure Reader.
Virtru secure reader, attempt to read forwarded email protected by disabled forwarding
Virtru wanted to make encryption easy for absolutely everyone to use without sacrificing security; the creators believe in your fundamental right to have digital privacy and provided a tool that combines strong encryption with granular privacy controls. They claim Virtru will change the way we use email, and it surely could. The purpose of all these screenshots was to show you every aspect of how easy it is to use Virtru.
For people who would like more in-depth details of how Virtru works, then I encourage you to go read more. Virtru also has an open source strategy, which includes making a collection of open source Virtru components available on GitHub.
Although it’s only in beta right now, I still highly recommend that you try Virtru. There is no reason Virtru should not be widely accepted by the masses to escape mass surveillance. Please do give it a try. Happy International Data Privacy Day! Why don’t you celebrate by taking back control of your email and digital privacy?
Summary: About 20 percent of compromised credentials, exposed via hacks on other service providers, match Microsoft Account logins due to password reuse
Around 20 percent of the logins found on lists of compromised credentials match those of Microsoft Accounts due to consumers using the same login details across more than one service, the company has said.
The lists are circulated by organisations and hackers in the wake of attacks on third-party service providers.
People re-use passwords and login details across services from different providers, Microsoft Account group manager Eric Doerr noted in a blog post on Sunday. That reuse means that if one set of logins is compromised, other accounts are at risk.
“These attacks shine a spotlight on the core issue — people reuse passwords between different websites,” said Doer, speaking after the Yahoo breach last week that exposed 400,000 user details. “On average, we see successful password matches of around 20 percent of matching usernames.”
Doer revealed the figure in a run-down of some Microsoft Account security practices, meant to reassure customers after the Yahoo hack. Microsoft Account is a single sign-on tool for Microsoft services such as SkyDrive, Hotmail, Xbox and Messenger.
Microsoft regularly gets lists of compromised third-party login details from ISPs, law enforcement and vendors, as well as from lists published on the internet by hackers, according to Doerr. This information is checked against Microsoft login details using an automated process to check for any overlap. While 20 percent is the average, in one recent breach it was only 4.5 percent, said Doerr.
After a hack attack on another provider, Microsoft monitors its user accounts to see if they are being used to send spam. If it sees signs of criminal activity, it suspends the account, and the affected customer has to go through an account recovery process before being able to log in again.
If Microsoft suspects, but is not certain, that there has been a breach, it will ask customers to reset their passwords.
The company also uses behavioural monitoring technology similar to that used by banks to log patterns of access and location, to see if an attempted login is suspicious. The technology can block the attempt, or ask an additional identity question to decide whether to grant access.
The Microsoft Account team is working on tightening up security, Doerr said. The current 16-character limit on password length is set to increase, to make brute force attacks more difficult, for example. However, Microsoft is having problems making passwords longer because of its ecosystem, he noted.
“Unfortunately, for historical reasons, the password validation logic is decentralised across different products, so it’s a bigger change than it should be and takes longer to get to market,” Doerr said.
Yahoo, Gmail, Hushmail, Yandex and MyOperaMail all allow passcode lengths of 30 characters, as one Microsoft account holder, MondayBlues, pointed out in a comment.
Doerr noted that people using SkyDrive device-synchronisation software and buying products on Xbox.com are required to use two-factor authentication. Microsoft is working on implementing this security measure in more products and services, he said, but did not specify which.
Updated: This article was updated at 5.22pm BST after clarification from Microsoft.
Microsoft’s Outlook.com comes out of preview phase
Hotmail users will be upgraded to the new email service by summer
Microsoft has moved its email service Outlook.com out of the preview phase, and plans a marketing campaign to boost its adoption worldwide.
The service, which claims 60 million active users since the preview was released last July, will soon start to upgrade Hotmail users to the new service, David Law, director of product management at Outlook.com, wrote in a blog post on Monday.
At launch of the preview, Microsoft said Outlook.com would eventually replace Hotmail. The migration of Hotmail users, which will be completed by summer, will be seamless, and users’ @hotmail.com email address, password, messages, folders, contacts, rules, vacation replies, and other features will stay the same, with no disruption in service, Law wrote. He did not specify a date when the transition would be complete. Users won’t have to switch to an @outlook.com address if they prefer not to, he added.
Microsoft is also launching a large-scale marketing campaign to promote the service worldwide, stating that it is confident that Outlook.com is ready to scale to a billion people.
“A number of people have expressed appreciation that Outlook.com replaces advertising with the latest updates from Facebook or Twitter when they’re reading email from one of their contacts,” Law wrote. On an average, people saw 60% fewer ads when using Outlook.com because they now get much more relevant updates from their friends, he added.
Microsoft launched recently a campaign against Gmail in the U.S., targeting Google’s alleged practice of going through the contents of all Gmail messages to sell and target advertisements. The “Don’t Get Scroogled by Gmail” campaign on Microsoft’s Scroogled.com promotes Outlook.com as an alternative to Gmail. Microsoft asked users to sign a petition to stop Google from going through personal email to sell ads.