Don’t send personal information through e-mail because it is clear text!

You’ve probably heard and read that admonition so many times that you’ve tuned it out as just more geek speak – stuff only techie-types read and heed. Geek speak is not your language; and after all, you’ve been using e-mail for eons now without any real problems due to clear text…  So what’s the problem?

BB2Browsing Bowser now is thinking out loud: Clear text?  That doesn’t sound like geeky language. It sounds like normal English to me.  So why is there a warning about when it doesn’t seem dangerous?   Hmmm. OK. I have to admit, I’ve pretty much ignored the warning myself without giving it much thought. So I’ll bite – why is there a warning about clear text and why should I be paying more attention to it?

Glad you asked, Browsing Bowser! Because – simple as these two words sound, clear text is all about your security, protecting your personal information and cyber crime.

Let’s start with definitions and then try to explain why this warning is so vital to your security.   Text in the context of email commonly means written or printed wordsClear in this sense means visible as written.  Therefore, clear text is text that is visible as written.

Browsing Bowser here – So far, that doesn’t sound very profound… What’s the big deal?

Be patient, BB.  The “big deal” is the security issue surrounding clear text.  In security terms, clear text is unencrypted text – text that has not been altered in a way to make it unreadable without a decryption tool.

Browsing Bowser here again.  Decryption? Unreadable? I thought email was supposed to be easy to read?

Yes, it is, BB, but only after it arrives in the recipient’s inbox. Email in clear text can be a problem on the way to the recipient’s mailbox.  Because of the complex way that the email travels to its destination, it can be “sniffed” or discovered by someone with malicious intent.  If that happens, and the email is clear text, all its content can be read and used by the interceptor.

Sniffed? As a dog, I understand sniffing, says Browsing Bowser. But what does that mean in cyber terms?

Similar concept, BB. Sniffers – more correctly packet sniffers, are utilities used to discover and capture data over networks. Network administrators use them to monitor and diagnose network issues. That’s a beneficial use of packet sniffers. Packet sniffers can also be used maliciously to capture data, like email, across the internet (giant network), as I just mentioned. And “sniffer” utilities are easily available – to both network pros and cyber bad guys.

Starting to see a connection here to clear text and possible violations to your security? Not yet?

OK.  Here’s an analogy that is often used to describe the vulnerability of  email in clear text:

Envelope2You are sending a very personal and important letter to a friend through the postal system. The letter includes passwords, credit card numbers, bank account information, social security numbers, personal information, even gossip. But, you write your letter on the envelope, not in it. Anyone who handles your envelope can read your information!       (click on image to enlarge…)

So back to the warning –

Don’t send personal information through e-mail because it is clear text…

Clear?

 

Advertisements