What to Encrypt
If you leave the connection from your email provider to your computer or other device unencrypted while you check or send email messages, other users on your network can easily capture your email login credentials and any messages you send or receive. This hazard typically arises when you use a public network (the Wi-Fi hotspot in a coffee shop, say), but an unencrypted connection can also be pose problems on your work or private network.
Your actual email messages are vulnerable as they travel over the Internet, after leaving your email provider’s server. Bad guys can intercept a message as it bounces from server to server on the Internet. Encrypting your messages before sending them renders them unreadable from the point at which they embark on their journey to the point at which the intended recipient opens them.
If you leave your saved or backed-up email messages (from an email client program like Microsoft Outlook) on your computer or mobile device, a thief or snoop might be able to gain access to them, even if you’ve password-protected your email program and your Windows account or mobile device. Again, encryption renders them unreadable to the intruder.
Step 1: Browse to the signup page and choose your hushmail.com email and passphrase. As you might expect from a ruggedized email service, any old password won’t do — and Hushmail suggests a five-word phrase.
Tip: Don’t forget the passphrase, because unlike many regular passwords, you can’t recover it; if you do forget it, you’ll have to create a new account.
Step 2: Sign in and open the Compose mail Web browser screen. Compose your email as you normally do and select the Encrypt check box.
Tip: Recipients don’t need to be Hushmail users.
Step 3: Type a secret question that only the recipient can answer. For example, “Where do we go for dinner?” and the answer.
Step 4: Press the Send button and the encrypted email will be sent. The recipient receives a normal email with an embedded link that redirects to a Hushmail Web page. Answering the question correctly on the Web page results in the display of the full email.
How to Encrypt Stored Email
If you use an email client or app on your computer or mobile device, rather than checking your email via a Web browser, you should make sure that your stored email data is encrypted so that thieves and snoops can’t access your saved messages if you lose the device or someone steals it.
It’s best to fully encrypt your laptop or mobile device, since the portability of such devices puts them at special risk of being lost or stolen. For more information on encrypting your Windows computer or laptop, see “How to Encrypt Files With Your Windows PC.” For mobile devices it’s best to use an operating system that provides full device encryption by setting a PIN or password to protect your email and other data. BlackBerry and iOS (iPhone, iPad, and iPod Touch) devices have offered this type of encryption for years; Android supports it only in version 3.0 and later. For older Android devices, consider obtaining a third-party email app, like TouchDown for Exchange accounts, that provides encryption.
For desktops and laptops, you can encrypt just your email data files if you prefer not to encrypt the whole computer. The encryption features of email clients vary, so check the documentation for your particular program and version. If your email client doesn’t offer trustworthy encryption, consider selectively encrypting the directory where your email records are stored.