-1

Checking an older laptop in my possession, I found that all of the POP accounts set up on that device, were sending passwords in clear text when Sending and Receiving (Found this with the assistance of Wireshark).

Are there some good ways to prevent this, and if so, what can I do to minimize or totally prevent this?

Thanks!

Parthian Shot
  • 1,165
  • 4
  • 16
  • 32
Johan Brink
  • 111
  • 3

2 Answers2

1

If your Mail provider support it, you should always use the Secured version of the protocols : POPS, IMAPS and SMTPS. All are encrypted and wireshark will not be able to understand anything.

Dom
  • 6,743
  • 1
  • 20
  • 24
-2
  • The most simple way is to encrypt whole connection, i.e. you need to use POP3S instead of POP.
  • If you don't want to use SSL or it is prohibited in your country, you may encrypt only the password and send it over unencrypted channel.
user1700494
  • 1,642
  • 2
  • 12
  • 21
  • The second paragraph is nonsense. If you have only an encrypted password in a plain text datastream, it's as you had the plain text password... – Sven Mar 18 '16 at 08:46
  • Almost all mail clients has option to send encrypted password over non-SSL connection in order to authenticate. Didn't know that this is nonsence... – user1700494 Mar 18 '16 at 08:55
  • 3
    What you are likely meaning is [Challenge-Response authentication](https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication). This doesn't transmit an encrypted variant of the password in a clear text stream, but rather use the password to encrypt some piece of random data in order to proof you know the password. If you think about it, just sending the encrypted password wouldn't prevent an eavesdropper to supply the same encrypted password he just learned to gain access himself. – Sven Mar 18 '16 at 10:20
  • First, you should use TLS, not SSL. Subtle but important distinction. Second, if TLS is prohibited in your country, your most immediate concern should be finding a new country, e-mail be damned. – Parthian Shot Mar 18 '16 at 18:00