In the 2000s, when you bought a DVD, you got a message telling you "You wouldn't steal a car".

The message comes from the Motion Picture Association of America's "Piracy. It's a crime." campaign and was intended to discourage DVD piracy. It was somewhat funny at the time and has since become a meme in its own right, but it makes a valid point: if you are unwilling to steal a car, why would you steal a DVD? That brings us to our central idea:

Most of us know that emailing credit card details is a terrible idea. So much so that there are rules about it in the PCI DSS standard, and a quick Google search turns up numerous results explaining the foolishness of the idea. However, a strange thing I have noticed is that people happily email credentials for live systems around.

To make it clear, we have a strict procedure for dealing with this internally:

  1. "Burn" (invalidate or delete) the credentials that were emailed
  2. Request new credentials transported by a secure mechanism
  3. Educate the user who sent the credentials as to the risks

However, it keeps happening! So, to make point #3 easier, this is a short post explaining why we don't email credentials around, and some of the risks involved.

Necessary Background

To understand why emailing credentials is bad, it's worth knowing a bit about how the internet works. The "internet" is not a direct connection between your computer and mine. Instead, our computers talk to each other via a bunch of other computers:

Your computer -> Your router -> Your ISP -> My ISP -> My computer

Everything that has a processor in it is a computer. So your "computer" (laptop) is one, your router is one, and basically everything else connected to your network is also a computer. Each of these computers plays a role in carrying the email:

  1. Your computer sends the email
  2. Your router is the connection between your computer on your local network and your ISP
  3. Your ISP (or "Internet Service Provider") connects to other ISPs, via the "Backbone Network"
  4. My ISP receives the data from your ISP and forwards it to my computer
  5. My computer receives the email and stores it, for me to read later

That's at least 3 other computers between the original two!! In practice there are many more: computers that manage the connections between ISPs, computers that carry traffic between continents, and so on. It's pretty magical! But every one of those computers can read and change everything that passes through it, and not all of them can be trusted. Additionally, because of the way the internet works, someone can simply insert themselves into the path above. Lastly, there are people who specialise in stealing exactly this kind of information.

Okay but why is email bad and HTTPS (for example) okay?

We can categorise internet traffic into two broad kinds:

  • "Plain text": The information is readable by anyone sitting between the two parties, not only by the two parties themselves
  • "Encrypted": The information is scrambled with a secret that only the two parties know, so only those two parties can read it

The most common encrypted protocol in use is "HTTPS", or "HTTP over TLS". You can see it clearly communicated by the lock symbol next to the address in your browser. Email can be either "plain text" or "encrypted". The problem is that, as we send the email, we do not know which it will be! Email is passed along hop by hop, and at each hop the two mail servers decide between themselves, at the moment of delivery, whether to encrypt (the mechanism is called STARTTLS). That decision depends on whether both servers support encryption and is controlled by the email administrators, not by us as users. It can go something like this:

  • Your computer: "Hey do you support email?"
  • My computer: "Yes! I support email."
  • Your computer: "Great! Now do you support encryption?"
  • My computer: "No, I don't support it. Sorry."
  • Your computer: "That's fine. Here's the email."
  • My computer: "Great! Thanks. I'll save this for Andrew later."
  • Your computer: "You're welcome. Bye!"

In the example above, the email was sent unencrypted. Other reasons it might not be encrypted: your computer never asks, or some computer in the middle of the connection strips the offer of encryption out of the conversation. That offer is itself exchanged in plain text, so anyone on the path can remove it and the sender simply concludes that the receiver does not support encryption.
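The negotiation above, modelled in a few lines of Python. This is an added example and not code from the original post; the EHLO replies are constructed strings in the standard SMTP reply format, not captures from any real server, and the "sender" is a simplified model of a mail server's default opportunistic behaviour plus a stricter "require" policy for comparison. It also shows the on-path downgrade described above: deleting the STARTTLS line from the plain-text reply makes a receiver that supports encryption look like one that does not.

```python
"""Opportunistic STARTTLS on one mail hop, modelled offline.

Added example, not code from the original post. The EHLO replies below
are constructed, not captured from a real server, and the sender logic is
a simplified model of what a mail server does in its default
"opportunistic" mode: encrypt if the other side offers it, otherwise
fall back to plain text.
"""

# Constructed EHLO replies in the RFC 5321 multi-line format:
# "250-" continues the reply, "250 " (with a space) ends it.
EHLO_WITH_STARTTLS = (
    "250-mail.example.net Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.net Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo_extensions(reply: str) -> set[str]:
    """Return the extension keywords a receiving server advertised."""
    lines = reply.rstrip("\r\n").split("\r\n")
    extensions = set()
    for line in lines[1:]:  # line 0 is the server's greeting, not an extension
        words = line[4:].split() if line.startswith("250") and len(line) >= 4 else []
        if not words:
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        extensions.add(words[0].upper())
    return extensions


def strip_starttls(reply: str) -> str:
    """Simulate an on-path attacker or misbehaving middlebox.

    The EHLO exchange happens before any encryption, so anyone on the
    path can delete the STARTTLS line. The sender then believes the
    receiver simply does not support encryption.
    """
    lines = reply.rstrip("\r\n").split("\r\n")
    kept = [line for line in lines if line[4:].split()[:1] != ["STARTTLS"]]
    kept[-1] = "250 " + kept[-1][4:]  # the last line must use "250 ", not "250-"
    return "\r\n".join(kept) + "\r\n"


def negotiate(reply: str, policy: str = "opportunistic") -> str:
    """Decide how this hop will send: 'tls' or 'plain'.

    policy="opportunistic" is the common default described in the post.
    policy="require" refuses to fall back, which is what a sender would
    need before trusting a hop with anything secret.
    """
    if "STARTTLS" in parse_ehlo_extensions(reply):
        return "tls"
    if policy == "require":
        raise RuntimeError("receiver offers no STARTTLS; refusing to send in plain text")
    return "plain"


def hop_outcomes() -> dict[str, str]:
    """Run the scenarios from the post and return the result of each."""
    tampered = strip_starttls(EHLO_WITH_STARTTLS)
    outcomes = {
        "receiver_offers_tls": negotiate(EHLO_WITH_STARTTLS),
        "receiver_lacks_tls": negotiate(EHLO_WITHOUT_STARTTLS),
        "tls_offer_stripped_on_path": negotiate(tampered),
    }
    try:
        negotiate(tampered, policy="require")
        outcomes["stripped_but_policy_requires_tls"] = "sent"
    except RuntimeError:
        outcomes["stripped_but_policy_requires_tls"] = "refused"
    return outcomes


if __name__ == "__main__":
    for scenario, result in hop_outcomes().items():
        print(f"{scenario}: {result}")
```

Against a live server the same check is what Python's standard `smtplib` does for you: `SMTP.ehlo()` followed by `SMTP.has_extn("starttls")` and then `SMTP.starttls()`. Note that the stripped reply is byte-for-byte identical to the reply of a server that genuinely lacks STARTTLS, which is why the opportunistic sender cannot tell the two apart, and why a user at the keyboard has no way of knowing which case applied to their message.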

So... email bad?

All of this adds up to a fairly neat idea: email is not (reliably) secure! You should never send private information over it, especially login data. And even when every hop happens to be encrypted, that only protects the message while it is moving: it sits unencrypted on every mail server that handled it, in both mailboxes, in backups, and in every reply that quotes it.

There are various ways of handling this data safely. I personally like simply using something like Keybase to encrypt the data before sending the email; however, it's best to chat to your contact at Sitewards to determine the best path forward for this.

Thanks for the read! If you have any questions, let your contact know and we'll amend the post. Don't have a contact? Get one! We love helping people build excellent e-commerce experiences. Click the "Contact" link at the top!