I already use a password, why do I need encryption?

    I already use a strong password to protect my email account, why do I need encryption?

    That is like asking: my bank already verifies signatures (or ATM PINs) before handing out cash, why do they need a vault or a safe to store the cash?

    The signature or ATM PIN is like a password - it helps the bank verify it is you and only give you access to your money. Similarly, the email account password prevents someone from pretending to be you.

    Encryption is like a vault or a safe. It protects your data from those who do not pretend to be you. A data thief may not bother to login to your account. They could try to eves drop on the data as it travels between different devices or email servers on the Internet (such as from a telecom company wire they get clandestine access to). Or they will steal a server, device, or hard drive that stores email data and simply connect the stolen storage device to their own computer and read the data. Encryption protects against that.

    Data thieves cannot realistically read encrypted data. That is why data theft reporting regulations in most states do not even require you to report the theft if the data was encrypted.

    The bottom line is that you need both a strong password and encryption. The sturdiest safe will not protect your money in the bank from someone who successfully forges your signature (or forges your ATM card and PIN). The best ATM cards and PINs will not protect against a thief who takes money directly from the safe.

    Related articles