Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Yahoo Sees ‘End to End’ Email Encryption by Year-end

Yahoo said Sunday it plans to introduce “end to end encryption” for email this year to boost privacy protection for users concerned about snooping from governments or hackers.

Yahoo said Sunday it plans to introduce “end to end encryption” for email this year to boost privacy protection for users concerned about snooping from governments or hackers.

The Internet giant demonstrated new security and safety features for its email service at the South by Southwest festival in Austin, Texas, ramping up efforts to boost privacy since the 2013 revelations about government surveillance.

Yahoo to Have End to End Email Encryption

The new security feature aims to allow non-technical people to use encryption with the click of a button after an initial setup of a few minutes.

A test or beta version of the encryption software is being released for developers, and it is expected to be rolled out to users in the coming months.

“Our goal is to have this available by the end of the year,” Alex Stamos, Yahoo’s chief information security officer, told AFP. “Anybody who has the ability to write an email should have no problem using our email encryption.”

Privacy advocates say encryption is a valuable tool in thwarting unwanted snooping, but many users find the process daunting, with a need to create complex codes or “keys” for both the sender and receiver.

Yahoo has been collaborating with Google and its Gmail service on the encryption, and the standards will be compatible, Stamos said, so Yahoo and Gmail users will be able to send each other encrypted messages with a single click.

“I think anybody who uses email in the center of our life needs encryption,” Stamos said.

“If you send emails to your spouse or your lawyer or family members, you want to have these messages be confidential.”

Yahoo and Google and other online giants took steps to encrypt Internet traffic in the wake of revelations of vast online surveillance programs led by the US National Security Agency, and have argued they never allowed unfettered access to their servers.

The email encryption takes this further by encrypting the content on both ends of the message.

Dumping the password

Yahoo said another feature soon to be introduced would allow users to bypass the standard password, by getting a one-time code sent to a verified phone each time they log in.

The move would help avoid so-called “phishing” attacks and other maneuvers that steal a user’s password, leading to potential identity theft.

The two new measures are expected to improve security and privacy while still being easy to use, Stamos said.

“It’s important for our products to be safe as used by normal people,” said Stamos.

“Our users face a very diverse set of threats. The biggest threat is probably someone stealing their password, and their account taken over.”

He added that encryption and password circumvention may also be important for users living in countries with repressive regimes.

“There are a lot of Yahoo users who live in countries where their freedom of expression and freedom of association is not respected, and where the government is trying to put malware on their computers to track them,” he said.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Cybersecurity Funding

UK-based email security and brand protection solutions provider Red Sift on Thursday announced raising $54 million in a Series B funding round that brings...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.