9.2. Logging In Securely

The first potential security hole in your email setup involves the credentials you use to log in to check and send email. Needless to say, whoever can guess or steal your password can log in to your account — checking your email and sending email in your name. Because your username is usually either your email address or the portion of the address before the @ sign, only your password is truly confidential, and it pays to keep it that way. And yet, by default, many email clients send this information in cleartext over the Internet when logging in to mail servers, and it's easily intercepted by anyone with access to any of the network segments between your computer and the server.

Several methods are available to encrypt your credentials in the process of logging in to your mail server, so that even if someone is eavesdropping on your network traffic, at least that crucial information remains hidden. As long as your ISP or email provider supports secure logins (as most do), you should make use of this capability. Be sure to check with your provider to see which method(s) of secure login they support, such as MD5 Challenge-Response, NTLM (NT LAN Manager), or Kerberos.

NOTE

If you use SSL to send and receive mail, as described later in this chapter, your logins are already encrypted, even if your client appears to be configured to use an insecure login method.

Secure logins don't mean your email itself is encrypted, but they do mean that the only data eavesdroppers ...

Get Mac® Security Bible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.