Secure alternative to gmail

[sutekj]

Currenlty I use a gmail account for all my personal stuff. This includes my medical aid, all ADSL accounts, my banking, etc. There is obviously a lot of sensitive information in there. I know that gmail isn't too secure.

I don't know all the ways that gmail can be hacked, but I'm wondering what a cheap, secure alternative is? Is it more secure to get an email account from a buying a domain? I know a lot of ISP's give you free e-mail accounts when you have an ADSL subscription with them; are those more secure than gmail?

I'd also just like some general security advice regarding e-mail, thanks.

 

[HavocXphere]

http://en.wikipedia.org/wiki/Hushmail

 

[fragtion]

I know that gmail isn't too secure.

You know that gmail isn't too secure? How do you know this? As far as I know it's extremely secure, and because GMAIL is so massive I wouldnt worry about having my info there as opposed to a smaller company whose reputation isn't as sensitive as Google's. I really wouldn't worry about using GMAIL. Get yourself a strong password and you're safe.

 

[HavocXphere]

You know that gmail isn't too secure? How do you know this?

I can think of at least 2 incidents where it got hacked.

 

[Shred]

Currenlty I use a gmail account for all my personal stuff. This includes my medical aid, all ADSL accounts, my banking, etc. There is obviously a lot of sensitive information in there. I know that gmail isn't too secure.

I don't know all the ways that gmail can be hacked, but I'm wondering what a cheap, secure alternative is? Is it more secure to get an email account from a buying a domain? I know a lot of ISP's give you free e-mail accounts when you have an ADSL subscription with them; are those more secure than gmail?

I'd also just like some general security advice regarding e-mail, thanks.

Yes, gmail will get hacked if your password is that same password that you registered with on dodgy sites. Use a strong password. Gmail rules.

 

[fragtion]

I can think of at least 2 incidents where it got hacked.

Please share. Gmail was never hacked? Maybe someone's account was hacked - because they were not using a secure enough password, or they leaked the password? That's the user's own negligence - for you to stay away from GMail because someone else's account was hacked because they can't look after their own password is completely irrational on your part, because A) you could use a better password and look after it, and B) The same thing could happen on any other email site if your password was leaked. So then, what's the advantage of using another email provider?

 

[syntax]

Yes, gmail will get hacked if your password is that same password that you registered with on dodgy sites. Use a strong password. Gmail rules.

Please share. Gmail was never hacked? Maybe someone's account was hacked - because they were not using a secure enough password, or they leaked the password? That's the user's own negligence - for you to stay away from GMail because someone else's account was hacked because they can't look after their own password is completely irrational on your part, because A) you could use a better password and look after it, and B) The same thing could happen on any other email site if your password was leaked. So then, what's the advantage of using another email provider?

Yeah, agree with both of the above,

If you really want to, u can alsouse https to your gmail connection, so its encrypted...
other than that, you should have an issue

 

[Saajid]

Currenlty I use a gmail account for all my personal stuff. This includes my medical aid, all ADSL accounts, my banking, etc. There is obviously a lot of sensitive information in there. I know that gmail isn't too secure.

I don't know all the ways that gmail can be hacked, but I'm wondering what a cheap, secure alternative is? Is it more secure to get an email account from a buying a domain? I know a lot of ISP's give you free e-mail accounts when you have an ADSL subscription with them; are those more secure than gmail?.

Personally, I ONLY use GMAIL for all my personal stuff, like you, from banking, to insurance, medical aid, ADSL, Cellphone accounts, Telkom Accounts, and many other types of accounts.

I would rather trust this sensitive information flowing through Google's servers which is maintained by John and Sally and protected by US Law, then have it pass through MWEBs, or Telkom's servers that are maintained by Sipho and Trompie, and supposedly protected by South African law.

As a leading internet company, GMAIL cannot screw up it's security. It will be a bad blow to it's reputation, security and share price. I put my trust in them more than any South African company.

But still, you can't be too careful. Choose a strong, but easy to remember password for your GMAIL account. Don't use this password for any other online registration / forum / account. Keep it safe, and to yourself. For every account/registration , use a unique randomly generated password. Generate and store all your passwords in a secure password database like Keepass Password Safe. Trust, me it's the way to go. Don't ever repeat passwords. Also, you won't ever need to remember more than 2 passwords. The password of your GMAIL account, and the master password of your secure password database. Make sure these two are different. And for God's sake, don't forget to backup your password database regularly. The password database is almost impossible to hack (would take 100s of years using the latest technology available today) without the master password. So you can even store it online. But don't lose it. And don't forget your master password, else you're screwed.

Before I used to reuse passwords. Had 4 or 5 different ones which I used for various services. I used to keep track of which password is linked to which account in a series of text files. Ever since changing to KeePass - I've never looked back, and feel at ease that my data is safe. If any one of those services are compromised, it won't compromise any other service, due to the randomly generated unique passwords. I think this is more important then worrying about whether GMAIL can be hacked or not.

Even if your GMAIL account (or any other email account) is hacked, all the attackers get access to is perhaps your GMAIL password, and your everyday emails. You other financial and sensitive information is still secured by random passwords.

 

[Asha'man X]

ToxicWazte makes some very valid points, especially concerning password safety. Make sure your Gmail password is a good one, because if it's broken, the attackers can get anything stored on Docs, Reader and any other Google service, as they all use the same username and password.

Another option is to use your mail with a mail client and encrypt and sign your mail, but incoming mail won't work like that until the other side gets your certificate. It's a mission to set up, but it is an option.

Other steps involve trusting your gut and common sense. Don't log onto sensitive sites at Internet Cafes for example, if a computer is acting strangely, rather walk away and so on. For all you know, it could be infected with a password stealing trojan...

 

[HavocXphere]

Please share. Gmail was never hacked?

Here's one where the contacts list got hacked via hostile JS:
http://digg.com/programming/GMail_Hacked_Visit_ANY_Website_and_Your_Whole_Contact_List_Can_be_Stolen

One that forwards email conversations in the background:
http://www.davidairey.com/google-gmail-security-hijack/

And a cookie exploit:
http://blogoscoped.com/archive/2007-01-14-n21.html

Or maybe someone just hacks you wifi password with CUDA or something & sniffs the stuff:
http://www.tgdaily.com/security-features/33207-point-and-click-gmail-hacking-at-black-hat

And their Gaia code recently got stolen so who knows whats been compromised:
http://www.nytimes.com/2010/04/20/technology/20google.html

Maybe someone's account was hacked - because they were not using a secure enough password, or they leaked the password? That's the user's own negligence

None of the above rely on a "user's own negligence". Could happen to anyone randomly surfing the internet. And those are just the known (&fixed) ones...anyone with malicious intent is not going to publish a 0-day exploit.

Don't get me wrong, my personal stuff is on Gmail too - I just don't kid myself about it: Its a calculated risk and definitely hackable.

 

[ponder]

I've been with Gmail since it started as a Beta. In that time I've had two outages lasting less than 48 hours combined. I also have a very strong password and in all honesty it's the best service I have ever experienced, including 60 000+ user corporate environments.

If you are an idiot user then schit will happpen regardless of service provider.

 

[sutekj]

Thanks for the advice. I'll summarise what I'll do and recommend.

1) Don't keep any e-mails with sensitive information in my account. Many sites send your passwords and activation links etc to your mail box. This should be deleted after use.

2) Information that you do want to keep in your inbox you can put in KeePass or some other form of encryption. You can back up these up to other places.

3) Don't use gmail password for anything else (I don't do this anyway. I'm a web developer so I know this)

4) If you're really paranoid, you can check the last log in date on gmail. You'll have to remember each time you log in then. This way you will know if someone else has been accessing your account.


To the people saying g-mail is secure: I've heard of lots of cases where g-mail gets hacked. As far as I know it is possible to steal the cookie gmail uses. When someone gets this cookie, they don't even need your password to access your account. This is especially dangerous when you're on a wireless network (easier to eaves drop on your communications and steal your cookie). I don't know exactly how https works here - Maybe it completely evades this problem. It would be great if someone knowledgeable could explain the dynamics here.

 

[Drake2007]

No email is secure! .