Why Use The Bat! with Hardware Tokens


Problem

Security of access to your email account depends on your email account password.

Even if a password is well chosen, what if it gets intercepted by an attacker? Once that happens, the attacker is able to send messages via your account as if they were you.

Anyone who possesses the password for your email account is able to retrieve your messages, so they are exposed to prying eyes. Additionally, an attacker can delete important messages and you will never receive them.

It is impossible to fully guarantee that your email account password will be kept secure, since a password is transferred in clear text over a network and can be intercepted in transit. The password is also stored in plain view on your hard disk or typed on a keyboard.

Typing a password on the keyboard is insecure because a typed password can be intercepted by software previously installed on your computer, e.g. by so-called "Trojan Horse" software. Don't forget that someone may watch you while you are typing.

SSL connections only save us from passing a clear text password over a network; the password is still stored on a hard disk or typed. POP3/SMTP over SSL is a secure data transfer mechanism, not an authentication mechanism, because we still have to store a password on our hard disk, leaving it vulnerable to "Trojan Horses" or to hardware theft.

Secure authentication mechanisms like CRAM-MD5 avoid passing a clear text password over a network by using a secure digest algorithm. CRAM-MD5 still forces us to store a password on our computer, leaving it vulnerable to "Trojan Horses" or hardware theft.

Hardware separated from the computer may help us to solve the problems mentioned above. A password can be stored within such hardware. This hardware can prevent the password from being transferred to a computer where it can be easily intercepted. Authentication can be done within this hardware.
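The CRAM-MD5 challenge-response exchange (RFC 2195) with the digest computed inside a token-like object, as an added example that is not Ritlabs code. `SoftToken` is a hypothetical software stand-in for the hardware, the account values are the published sample from RFC 2195, and the second challenge is constructed.

```python
import base64
import hashlib
import hmac

class SoftToken:
    """Hypothetical stand-in for the token: keeps the secret, returns only digests."""
    def __init__(self, secret: bytes):
        self.__secret = secret  # never handed back to the host computer

    def cram_md5(self, challenge: bytes) -> str:
        return hmac.new(self.__secret, challenge, hashlib.md5).hexdigest()

def client_response(user: str, token: SoftToken, b64_challenge: str) -> str:
    """What the mail client puts on the wire: base64("user hex-digest")."""
    digest = token.cram_md5(base64.b64decode(b64_challenge))
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_verify(secrets: dict, b64_challenge: str, b64_response: str) -> bool:
    """Server recomputes the digest from its own copy of the shared secret."""
    try:
        user, digest = base64.b64decode(b64_response).decode().rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no space separator
        return False
    if user not in secrets:
        return False
    expected = hmac.new(secrets[user], base64.b64decode(b64_challenge),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

# Sample account and challenge from the example in RFC 2195.
USER, SECRET = "tim", b"tanstaaftanstaaf"
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()
# Constructed second challenge, as a server would issue on the next login.
NEXT_CHALLENGE = base64.b64encode(b"<1897.697170999@postoffice.reston.mci.net>").decode()

if __name__ == "__main__":
    wire = client_response(USER, SoftToken(SECRET), CHALLENGE)
    print("S: +", CHALLENGE)
    print("C:", wire)
    print("accepted:", server_verify({USER: SECRET}, CHALLENGE, wire))
    print("replayed:", server_verify({USER: SECRET}, NEXT_CHALLENGE, wire))
```

The response is bound to one challenge, so a captured response is rejected on the next login. The server side still needs its own copy of the shared secret to recompute the digest; only the client-side copy moves into the token.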

Solution

Ritlabs offers SecureBat!, which integrates the eToken Pro token by Aladdin or the iKey1000 token by Rainbow Technologies.

The Bat! is an email client with every feature that an advanced user will ever need. It has a lot of security features to protect your email messages and access your email account securely. A token is a small and lightweight personal authentication device that offers everything needed to securely access your email account.

Major benefits of eToken Pro are:

  • On-board RSA 1024-bit key generation, digital signing and decryption.
  • Highly secure, logical & physical smartcard level security, ITSEC LE4 Certified.
  • Reliability, simplicity, security of smart cards, houses a processor and non-volatile random access memory.
  • USB interface without the hassle and cost of a reader.
  • Easy to carry on a key ring or in a daily planner.
  • Hardware implementation of CRAM-HMAC-MD5 authentication used by POP3/SMTP servers.

Major benefits of iKey1000 are:

  • Reliability, simplicity, security of smart cards, houses a processor and non-volatile random access memory.
  • USB interface without the hassle and cost of a reader.
  • Easy to carry on a key ring or in a daily planner.
  • Hardware implementation of CRAM-HMAC-MD5 authentication used by POP3/SMTP servers.

Major benefits of The Bat! are:

  • Unencrypted files never appear on disk, on-the-fly encryption produces no noticeable delays.
  • Only authorized users can access their email accounts.
  • Email account passwords cannot be stolen at the client side.
  • It makes it possible to use email in those areas where it could not be used previously because of the lack of security.

Because token devices are not replicable, only the physical owner of the token will have access to the mail servers, provided that he or she also knows the PIN. Proper use of a physical key guarantees the security of an email account.

A physical key to an email account makes it easier to identify a responsible party if the account was intercepted by an unauthorized person.

While utilizing a token to securely access your email account, The Bat! uses PGP and S/MIME to protect the confidentiality and integrity of your messages while they are in transit.

By using The Bat! with hardware tokens, you make your email really secure and are now able to use email in those areas where it could not be used previously.


