Email security is critical when you use wireless networking.
When you use wireless networking at home, if you haven’t set your wireless router and wireless adapters to use the best encryption they will support (currently WPA2 for most personal wireless devices), you don’t have a secure system. You are broadcasting your data unencrypted or with a inadequate encryption method.
That means that anyone who "sniffs" the broadcast signals can read your data.
That data includes web site addresses, passwords (unless the web site provides encryption for that portion of the data), other web site data that you send and that the web site sends to you (unless the web connection is an https:// secure connection or you’re using a VPN), your email server names, email address, email password, and more.
So, most people make the appropriate step and set their home wireless router and adapters to encrypt the transmissions.
The snag comes when you use public wireless access points.
If you use a public wireless access point for accessing your email accounts, unless you are using a secure SSL connection, the IP address, email address and password are all sent without encryption.
If your email account includes webmail access, see if you can do an https:// connection to it, instead of the unencrypted http:// connection.
If you’re using a laptop and a regular email program, make sure that both your inbound POP3 or IMAP settings require secure SSL connections and that your outbound SMTP connections also require SSL connections.
Of course, if your mailserver does not provide that capability (I don’t think many ISP’s do), then you won’t be able to encrypt your email address and password unless you use an https:// webmail connection.
Why is this important?
Using an https:// webmail connection is an important security measure for two reasons:
- The data is encrypted between the web site and your computer, by an encryption agreed between those two computers.
- A wireless router may not have encryption enabled. It probably doesn’t ("I can’t get the password to work…help…"). If it is encrypted, everyone using the router is using the same password. So, everyone can decrypt everyone else’s transmissions — that’s little security.
Even wireless access points that provide time–limited access don’t do that via setting multiple passwords — that’s done via an authorization screen after you’ve successfully connected.
Security is the big difference between wired connections and wireless connections. WEP encryption can be cracked by today’s computers in only a few minutes. WPA can be cracked in a few hours. WPA2 has reportedly just been cracked by researchers.
However, it’s hard for someone to access your transmitted data, user ID’s and passwords if they’re never broadcast — that is, if you use a wired connection.
There are free, easy-to-use wireless sniffing programs available for download on the net. The neighbor, or her child, may be using one…
The guy sitting two tables away at the coffee house may be using one on his laptop…
See these related articles: