How risky is using e-mail to manage passwords?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
4
down vote
favorite
No doubt there a better and more secure ways to manage passwords, but I'd like to can make an informed decision to determine if this is just too risky.
Briefly then, when I receive a "welcome new user" message, I forward that message to myself and include the password. I know, I know, this is basically an electronic version of post-it notes but I have a couple of good reasons for using it. I need your help to see if they are good enough or if they are even valid.
So, the main reasons I think this may be "ok" are:
- The messages are stored only on my local machine. After receiving
them, I make sure that all copies are removed from the server. - The (corporate) e-mail system I use is encrypted and "safe"
- To gain access to the passwords, a hacker would need to be granted
access to my machine which is less likely as it is on a corporate
network. - If a hacker did happen to gain access, he would not likely think to
look in archived e-mail messages stored on the local machine
So, am I just asking to have all of my passwords compromised? I there any way to quantify this risk?
password-management
New contributor
add a comment |Â
up vote
4
down vote
favorite
No doubt there a better and more secure ways to manage passwords, but I'd like to can make an informed decision to determine if this is just too risky.
Briefly then, when I receive a "welcome new user" message, I forward that message to myself and include the password. I know, I know, this is basically an electronic version of post-it notes but I have a couple of good reasons for using it. I need your help to see if they are good enough or if they are even valid.
So, the main reasons I think this may be "ok" are:
- The messages are stored only on my local machine. After receiving
them, I make sure that all copies are removed from the server. - The (corporate) e-mail system I use is encrypted and "safe"
- To gain access to the passwords, a hacker would need to be granted
access to my machine which is less likely as it is on a corporate
network. - If a hacker did happen to gain access, he would not likely think to
look in archived e-mail messages stored on the local machine
So, am I just asking to have all of my passwords compromised? I there any way to quantify this risk?
password-management
New contributor
What do you mean "your email system is encrypted and safe"? Also, why wouldn't an attacker think of looking at your emails or archives? That's pretty interesting stuff, as an attacker I would definitely look there. Also, you remove copies from the server, but you can't make sure they are also removed from backups, disks, snapshots, caches, etc. I wouldn't like my passwords to be sent by email.
â reed
5 hours ago
I think the better question is, why would you use this method, when "real" password managers are: 1) more convenient 2) more user-friendly/easier to use 3) more secure 4) more portable 5) less likely to suffer data loss 6) actually designed for the purpose? You're jumping through hoops to avoid using something that will make your life both easier and more secure.
â Ben
4 hours ago
add a comment |Â
up vote
4
down vote
favorite
up vote
4
down vote
favorite
No doubt there a better and more secure ways to manage passwords, but I'd like to can make an informed decision to determine if this is just too risky.
Briefly then, when I receive a "welcome new user" message, I forward that message to myself and include the password. I know, I know, this is basically an electronic version of post-it notes but I have a couple of good reasons for using it. I need your help to see if they are good enough or if they are even valid.
So, the main reasons I think this may be "ok" are:
- The messages are stored only on my local machine. After receiving
them, I make sure that all copies are removed from the server. - The (corporate) e-mail system I use is encrypted and "safe"
- To gain access to the passwords, a hacker would need to be granted
access to my machine which is less likely as it is on a corporate
network. - If a hacker did happen to gain access, he would not likely think to
look in archived e-mail messages stored on the local machine
So, am I just asking to have all of my passwords compromised? I there any way to quantify this risk?
password-management
New contributor
No doubt there a better and more secure ways to manage passwords, but I'd like to can make an informed decision to determine if this is just too risky.
Briefly then, when I receive a "welcome new user" message, I forward that message to myself and include the password. I know, I know, this is basically an electronic version of post-it notes but I have a couple of good reasons for using it. I need your help to see if they are good enough or if they are even valid.
So, the main reasons I think this may be "ok" are:
- The messages are stored only on my local machine. After receiving
them, I make sure that all copies are removed from the server. - The (corporate) e-mail system I use is encrypted and "safe"
- To gain access to the passwords, a hacker would need to be granted
access to my machine which is less likely as it is on a corporate
network. - If a hacker did happen to gain access, he would not likely think to
look in archived e-mail messages stored on the local machine
So, am I just asking to have all of my passwords compromised? I there any way to quantify this risk?
password-management
password-management
New contributor
New contributor
New contributor
asked 5 hours ago
Michael J
211
211
New contributor
New contributor
What do you mean "your email system is encrypted and safe"? Also, why wouldn't an attacker think of looking at your emails or archives? That's pretty interesting stuff, as an attacker I would definitely look there. Also, you remove copies from the server, but you can't make sure they are also removed from backups, disks, snapshots, caches, etc. I wouldn't like my passwords to be sent by email.
â reed
5 hours ago
I think the better question is, why would you use this method, when "real" password managers are: 1) more convenient 2) more user-friendly/easier to use 3) more secure 4) more portable 5) less likely to suffer data loss 6) actually designed for the purpose? You're jumping through hoops to avoid using something that will make your life both easier and more secure.
â Ben
4 hours ago
add a comment |Â
What do you mean "your email system is encrypted and safe"? Also, why wouldn't an attacker think of looking at your emails or archives? That's pretty interesting stuff, as an attacker I would definitely look there. Also, you remove copies from the server, but you can't make sure they are also removed from backups, disks, snapshots, caches, etc. I wouldn't like my passwords to be sent by email.
â reed
5 hours ago
I think the better question is, why would you use this method, when "real" password managers are: 1) more convenient 2) more user-friendly/easier to use 3) more secure 4) more portable 5) less likely to suffer data loss 6) actually designed for the purpose? You're jumping through hoops to avoid using something that will make your life both easier and more secure.
â Ben
4 hours ago
What do you mean "your email system is encrypted and safe"? Also, why wouldn't an attacker think of looking at your emails or archives? That's pretty interesting stuff, as an attacker I would definitely look there. Also, you remove copies from the server, but you can't make sure they are also removed from backups, disks, snapshots, caches, etc. I wouldn't like my passwords to be sent by email.
â reed
5 hours ago
What do you mean "your email system is encrypted and safe"? Also, why wouldn't an attacker think of looking at your emails or archives? That's pretty interesting stuff, as an attacker I would definitely look there. Also, you remove copies from the server, but you can't make sure they are also removed from backups, disks, snapshots, caches, etc. I wouldn't like my passwords to be sent by email.
â reed
5 hours ago
I think the better question is, why would you use this method, when "real" password managers are: 1) more convenient 2) more user-friendly/easier to use 3) more secure 4) more portable 5) less likely to suffer data loss 6) actually designed for the purpose? You're jumping through hoops to avoid using something that will make your life both easier and more secure.
â Ben
4 hours ago
I think the better question is, why would you use this method, when "real" password managers are: 1) more convenient 2) more user-friendly/easier to use 3) more secure 4) more portable 5) less likely to suffer data loss 6) actually designed for the purpose? You're jumping through hoops to avoid using something that will make your life both easier and more secure.
â Ben
4 hours ago
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
4
down vote
- ... I make sure that all copies are removed from the server.
No, you don't. Copies may exist in backups, swapfiles, wear-leveled Flash memory, and elsewhere.
- If a hacker did happen to gain access, he would not likely think to look ...
Now he would.
Just use one of the well-reviewed password manager programs. Re-inventing the square wheel is a poor use of your time.
add a comment |Â
up vote
1
down vote
The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.
Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption) server A and server B, can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.
The (corporate) e-mail system I use is encrypted and "safe"
This would be fine, except the wording 'corporate'. As I cannot see how E2EE is handled, therefore, I cannot place any trust in ciphers. This has another problem though, does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.
This would be an implementation of PGP.
To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.
Given no plaintext, or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which provides it's the only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or, another user where I would encrypt the user's home directory.
I can foresee another problem though because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD) - Note this point is mereconjecture and should be acknowledged for all programs.
If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine
While this could be unlike, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.
Is there any way to quantify this risk?
I can break this down into several other points:
- Is full-disk encryption used?
- or is user directory encryption used?
- How easily can the email profile contents be accessed locally?
- is profile encryption used?
- How protected are you against spyware?
- What safeguards do you have against physical access, e.g. Evil Maid Attack?
These are only a few points, more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.
For further reading, Is sending password to user email secure?
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
- ... I make sure that all copies are removed from the server.
No, you don't. Copies may exist in backups, swapfiles, wear-leveled Flash memory, and elsewhere.
- If a hacker did happen to gain access, he would not likely think to look ...
Now he would.
Just use one of the well-reviewed password manager programs. Re-inventing the square wheel is a poor use of your time.
add a comment |Â
up vote
4
down vote
- ... I make sure that all copies are removed from the server.
No, you don't. Copies may exist in backups, swapfiles, wear-leveled Flash memory, and elsewhere.
- If a hacker did happen to gain access, he would not likely think to look ...
Now he would.
Just use one of the well-reviewed password manager programs. Re-inventing the square wheel is a poor use of your time.
add a comment |Â
up vote
4
down vote
up vote
4
down vote
- ... I make sure that all copies are removed from the server.
No, you don't. Copies may exist in backups, swapfiles, wear-leveled Flash memory, and elsewhere.
- If a hacker did happen to gain access, he would not likely think to look ...
Now he would.
Just use one of the well-reviewed password manager programs. Re-inventing the square wheel is a poor use of your time.
- ... I make sure that all copies are removed from the server.
No, you don't. Copies may exist in backups, swapfiles, wear-leveled Flash memory, and elsewhere.
- If a hacker did happen to gain access, he would not likely think to look ...
Now he would.
Just use one of the well-reviewed password manager programs. Re-inventing the square wheel is a poor use of your time.
answered 4 hours ago
mlp
46046
46046
add a comment |Â
add a comment |Â
up vote
1
down vote
The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.
Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption) server A and server B, can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.
The (corporate) e-mail system I use is encrypted and "safe"
This would be fine, except the wording 'corporate'. As I cannot see how E2EE is handled, therefore, I cannot place any trust in ciphers. This has another problem though, does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.
This would be an implementation of PGP.
To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.
Given no plaintext, or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which provides it's the only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or, another user where I would encrypt the user's home directory.
I can foresee another problem though because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD) - Note this point is mereconjecture and should be acknowledged for all programs.
If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine
While this could be unlike, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.
Is there any way to quantify this risk?
I can break this down into several other points:
- Is full-disk encryption used?
- or is user directory encryption used?
- How easily can the email profile contents be accessed locally?
- is profile encryption used?
- How protected are you against spyware?
- What safeguards do you have against physical access, e.g. Evil Maid Attack?
These are only a few points, more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.
For further reading, Is sending password to user email secure?
add a comment |Â
up vote
1
down vote
The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.
Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption) server A and server B, can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.
The (corporate) e-mail system I use is encrypted and "safe"
This would be fine, except the wording 'corporate'. As I cannot see how E2EE is handled, therefore, I cannot place any trust in ciphers. This has another problem though, does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.
This would be an implementation of PGP.
To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.
Given no plaintext, or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which provides it's the only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or, another user where I would encrypt the user's home directory.
I can foresee another problem though because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD) - Note this point is mereconjecture and should be acknowledged for all programs.
If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine
While this could be unlike, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.
Is there any way to quantify this risk?
I can break this down into several other points:
- Is full-disk encryption used?
- or is user directory encryption used?
- How easily can the email profile contents be accessed locally?
- is profile encryption used?
- How protected are you against spyware?
- What safeguards do you have against physical access, e.g. Evil Maid Attack?
These are only a few points, more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.
For further reading, Is sending password to user email secure?
add a comment |Â
up vote
1
down vote
up vote
1
down vote
The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.
Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption) server A and server B, can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.
The (corporate) e-mail system I use is encrypted and "safe"
This would be fine, except the wording 'corporate'. As I cannot see how E2EE is handled, therefore, I cannot place any trust in ciphers. This has another problem though, does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.
This would be an implementation of PGP.
To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.
Given no plaintext, or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which provides it's the only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or, another user where I would encrypt the user's home directory.
I can foresee another problem though because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD) - Note this point is mereconjecture and should be acknowledged for all programs.
If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine
While this could be unlike, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.
Is there any way to quantify this risk?
I can break this down into several other points:
- Is full-disk encryption used?
- or is user directory encryption used?
- How easily can the email profile contents be accessed locally?
- is profile encryption used?
- How protected are you against spyware?
- What safeguards do you have against physical access, e.g. Evil Maid Attack?
These are only a few points, more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.
For further reading, Is sending password to user email secure?
The messages are stored only on my local machine. After receiving them, I make sure that all copies are removed from the server.
Unless GPG/PGP or SSL/TLS is used between email servers. E.g. an email from Outlook being sent to Gmail. Then this would be a huge risk point. However, without E2EE (end-to-end encryption) server A and server B, can still read the emails, as SSL/TLS will only provide endpoint security between the two servers, and not at rest.
The (corporate) e-mail system I use is encrypted and "safe"
This would be fine, except the wording 'corporate'. As I cannot see how E2EE is handled, therefore, I cannot place any trust in ciphers. This has another problem though, does corporate email (server A) encrypt the email so only you can access the email? This means once the email is encrypted, server A and server B (where the email will be received from server A) cannot read the plaintext email contents. The only one capable of decrypting the ciphertext is you, and not any server.
This would be an implementation of PGP.
To gain access to the passwords, a hacker would need to be granted access to my machine which is less likely as it is on a corporate network.
Given no plaintext, or decryptable copies (within a reasonable timeframe) are kept on any servers, this sounds good. However, you must now ensure the emails stored locally can only be accessed by you, and if your machine is compromised, how will you play interference? Encrypting your local email contents could be a viable option here. Mozilla Thunderbird offers 'profile encryption'. However, this only allows Encrypting File System (EFS), which provides it's the only limitation. EFS will need to be your choice. Personally, I would opt for either an encrypted virtual machine (full-disk encryption) or, another user where I would encrypt the user's home directory.
I can foresee another problem though because Thunderbird does not know the message body contains a sensitive password, it may store contents within the cache, swap memory or make temporary files stored within secondary storage (e.g. HDD) - Note this point is mereconjecture and should be acknowledged for all programs.
If a hacker did happen to gain access, he would not likely think to look in archived e-mail messages stored on the local machine
While this could be unlike, I would not want to risk my security on 'hope', especially the idea of 'I hope they will not think of this'.
Is there any way to quantify this risk?
I can break this down into several other points:
- Is full-disk encryption used?
- or is user directory encryption used?
- How easily can the email profile contents be accessed locally?
- is profile encryption used?
- How protected are you against spyware?
- What safeguards do you have against physical access, e.g. Evil Maid Attack?
These are only a few points, more can be added, but these would be major attack vectors to consider. If you are considering an alternative, but want an open source solution, consider KeePassX. If used correctly, it can also be used as a cloud-based password manager.
For further reading, Is sending password to user email secure?
answered 4 hours ago
safesploit
1,240417
1,240417
add a comment |Â
add a comment |Â
Michael J is a new contributor. Be nice, and check out our Code of Conduct.
Michael J is a new contributor. Be nice, and check out our Code of Conduct.
Michael J is a new contributor. Be nice, and check out our Code of Conduct.
Michael J is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f193743%2fhow-risky-is-using-e-mail-to-manage-passwords%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
What do you mean "your email system is encrypted and safe"? Also, why wouldn't an attacker think of looking at your emails or archives? That's pretty interesting stuff, as an attacker I would definitely look there. Also, you remove copies from the server, but you can't make sure they are also removed from backups, disks, snapshots, caches, etc. I wouldn't like my passwords to be sent by email.
â reed
5 hours ago
I think the better question is, why would you use this method, when "real" password managers are: 1) more convenient 2) more user-friendly/easier to use 3) more secure 4) more portable 5) less likely to suffer data loss 6) actually designed for the purpose? You're jumping through hoops to avoid using something that will make your life both easier and more secure.
â Ben
4 hours ago