Stephen Foskett, Pack Rat

Understanding the accumulation of data

Go Get a ProtonMail Account and Protect Your Online Life!

July 19, 2017 By Stephen 3 Comments

I don’t usually advocate for specific products, but I’m 100% on-board with this recommendation: Stop what you’re doing, go get a ProtonMail account, and use it as the verification account for your online self! ProtonMail is much more secure than any other mail provider and is the ideal place for password resets and bank account statements. Best of all, it’s free!

ProtonMail offers various account tiers and options, but the free account is good enough to be a “backstop” for account verification

Insecure Email

Email is not secure. Even with TLS and good passwords it’s far too easy to snoop, phish, or stumble into someone’s email account. And this is especially true of our “daily” email accounts: If you’re receiving email on your phone, iPad, and computers at home and work, you’re leaving yourself vulnerable to account hijacks.

There’s really no way to fix this, and it’s not Google’s fault or anyone else’s. You want your email to be accessible whether you’re at home, at work, or on the road. And it’s useful to have email alerts “bust through” your lock screen.

This is one reason email is fundamentally insecure. Since you want it to work everywhere and go everywhere, it’s designed with the lowest common denominator in mind. So email protocols are fundamentally insecure by design. It’s a feature, not a bug!

But we don’t just use email to chat and do business. We also use our email accounts as a verification factor for password resets and to receive intensely personal information from our banks, doctors, and so on. I don’t blame these sites for using email addresses for security: Email is the only universal account, and I much prefer emailed verification to some kind of proprietary authentication, handing over even more power to Facebook, Google, or Twitter!

Get a “Backstop” Email Account

It’s time to stop mixing communication and authentication in the same email account.

The solution is simple: Get another email account for security-related functions. You can keep using your regular email for regular communication, but redirect security and financial information to a secure account.

If someone were to hack into my email, they’d hit the Gmail account since that’s all that’s set up on my iPhone, iPad, and MacBook. When I need to change a password or verify my credentials, I manually log in to my secure account using a web browser.

Many people use another provider for this sort of thing already. I long used a quiet Yahoo account for verification rather than my familiar Gmail-powered fosketts.net address. But after the recent Yahoo hack I stopped using this account and went looking for something better.

ProtonMail is a Great Backstop

I wanted to find a new account for security and authentication that was really secure:

  • Encrypted at rest with serious security on the back-end
  • Support for complex passwords and two-factor authentication
  • Compatible with ordinary SMTP for incoming and outgoing mail
  • No need to access from ordinary applications or standard IMAP protocol
  • An iOS application would be nice as long as it’s secure too
  • Located in a trustworthy location and legal jurisdiction, and developed by credible people
  • Cheap or free and managed (so I have less work to do)

ProtonMail checks all the boxes for me. It’s a secure email account in Switzerland with end-to-end encryption developed by CERN researchers. Internet email is exchanged using standard protocols but is encrypted using per-user private keys for storage. ProtonMail staff can’t access the contents of a mailbox even if they wanted to, and Switzerland has very strong notification and review laws.

Access to each email account uses a second key, which is decrypted on the client side using the account password. Email can be accessed through a browser-based application or mobile application for iOS or Android. And ProtonMail supports two-factor authentication standards, including Authenticator.[1] ProtonMail even supports encrypted and authenticated account-to-account communication, but this isn’t one of my requirements.

To be clear: You cannot access ProtonMail from a regular mail client. You have to use their webmail or mobile apps. And that’s a feature, not a bug, since it means that all mail access is secure, end-to-end!

In practice, ProtonMail has worked out great for me. I can use my account as the verification email for pretty much any online service and I feel much more confident that it won’t be hacked.

Since I only use my ProtonMail account for verification and authentication, I’m not as concerned with some of the peculiarities of the service. The iOS app works great, but it’s not integrated with everything else on my iPhone like Apple’s Mail app, and I have to enter my Authenticator code fairly frequently, slowing down access. But that’s not a hassle since I only use ProtonMail once every week or so. And they support desktop and mobile notifications, so I know when I need to log in.

Stephen’s Stance

It’s an easy decision: Get a free ProtonMail account and use that as your verification address for important financial and social media accounts. Keep using whatever email account you like for regular communication, but don’t mix security and communication!

  1. They don’t yet support FIDO U2F, but I’m not a YubiKey or Trezor user, so that’s not a worry.
