Encrypt Your Emails Before They are Sent to Avoid Interception in Transit or at Rest

September 12, 2017 / in Blog, Tech Essentials / by Zafar Khan, RPost CEO

Your Face is Your Password

Biometric data may soon be replacing passwords on a large scale. We’re not just talking about fingerprints.  Google, Samsung and Apple, among others, are working to integrate eye scans, face and head shape, voice recognition and even body movement into their security features. The new iPhone 8 will offer some of these features. Source The Samsung Galaxy Note8 also offers facial recognition software, but the security of this feature is already being challenged. Source

On September 12th,  Apple will mark its 10th anniversary with the release of the iPhone 8 and the premium model will offer 3-D scanning for facial scanning and virtual reality applications. Banks already allow customers to use fingerprint or iris identification to access accounts from mobile devices. These banks include Bank of America, JP Morgan Chase and Wells Fargo. We expect that once financial services firms widely adopt biometric security settings, other industries will quickly adopt them as well.

A Whole New Threat to Privacy

Are biometric passwords really the answer? Or are consumers further weakening their personal privacy by sharing their finger prints, iris scans and other biometric data with third parties? As we noted in an earlier article, (4th Circuit Court of Appeals Ruling Could Hasten the End of Personal Privacy) it is already legal for a cellular carrier to track and store your movements with cell-site location data. Can a bank share your physical characteristics with an advertiser? How much of a leap must occur before your email service provider is asking for DNA verification?

It’s not Foolproof  

Well, if your password is stolen it is quite easy to change it. If your facial form, retina pattern, or fingerprint is stolen, you are stuck; at least for this lifetime.

For simple ways to secure your information, Tech Essentials recommends considering the new US Government Digital Identity Guidelines. The U.S. National Institute of Standards and Technology (NIST) has issued a new draft of its Digital Identity Guidelines. The Special Publication, 800-63-3, recommends ditching requirements to change passwords frequently and ending the policies that force us to use special characters and numbers in hard to remember combinations. The US Government now recommends using a long phrase that is your “memorized secret” — and if stolen, unlike with biometrics, you can simply choose another memorized secret.

Consider using long passphrases. And, email encryption.

Even if your email inbox is protected by an iris scan, your email messages need to be encrypted before they are sent to avoid interception in transit or at rest once they reach the recipient.