Email security and Internet Cafés


This is something sort of techy, but it’s important for anyone who has to travel.

Lately when I travel, I find that I can get by quite well just taking my Kindle (for plenty of reading material) and a smart phone (for access to email and web browsing.) While they aren’t full featured enough to let me get real work done, they do let me keep up with what’s happening – and they are so much lighter than schlepping a laptop and associated equipment with me that I’ve come to prefer managing with just them.

But occasionally I’ll have to write a long email response, or I’ll need access to a full featured browser while on the road. When that happens I tend to look for an internet cafe or a hotel business center. The problem is that many of those computers have been compromised with key-loggers so that when you use them to log into your accounts, your passwords are recorded, and whoever has access to the computer then has access to all your information. Say you use Gmail for instance; you’ll have to setup a different password before your trip and then remember to change it on coming home, or you’ll have to hope that the computers you’re using are clean of any spyware. Because if not, you’re going to lose access to your account, and all your mail archives. I’ve got a few friends to whom this has happened, so I’m not speaking theoretically here.

Fastmail (a company I’ve used for my own email for years now) has a solution to this. It’s really quite elegant and takes just a few minutes to set up before you leave on a trip. They will create a list of one use passwords that will only work once. Use one in a cafe and even if it’s recorded, it won’t do anyone any good.

From their write-up on their blog:

“When you create a one-time password (OTP) set (make sure it’s only on a computer you know is secure), it will show you a screen with 100 randomly generated passwords. You should print out this screen, and then carry the piece of paper with you. Each time you need to login to your account, you use one of the passwords on the sheet. Once you use a password, you should cross it out because you won’t be able to use it again.

For extra security, you can also specify a ‘base password’ when you create a OTP set. When you do that, you have to enter both the base password (something you know) and the OTP password (something you have) to login. This ensures that even if you loose the piece of paper with one-time passwords on it, it can’t be used.”

Read the full article here.

If carrying around a sheet of paper with you is too onerous, you can even set it up so that Fastmail will text your phone with a one-time use password. You have to pay for the text message, but this way you don’t have to keep track of where you are in the list of passwords.


The Author

Episcopal bishop, dad, astronomer, erstwhile dancer...

1 Comment

  1. One Time Passwords are a great idea and they don’t have to stop at email. I write for Passpack which is an online password manager. And we have Disposable Logins (OTP) so that you can access all your passwords while on a public computer and the auto-login feature prevents keyloggers from recording your permanent passwords.
    Here’s a post on Disposable Logins:
    Hope it helps!

Comments are closed.