Enlocked Email Encryption

The easy way for small businesses, independent professionals and privacy-conscious consumers to communicate sensitive information over email
Contributing Authors
Recent Tweets @enlocked

A couple of weeks ago, we quietly rolled out our biggest changes to the Enlocked system yet.  Perhaps some of you noticed, but if we did our jobs well it should have been very transparent.  While the changes were subtle, they were based on some usability testing we did over the summer, aimed at improving the experience for first time users.  We have seen that in some cases, messages sent to people who have never used Enlocked before, do not get read.  And while for a few of these there may be a valid reason, the fact that someone took the time to send an encrypted message should mean the information is valuable.  As we understood more about where potential new users were dropping out, we could then make changes to minimize this issue.  Ultimately, for our sending users, the more often their recipients are able to easily read the message, the better!

So, what did we change?  Well, here are some of the bigger items, with a little background on what drove the decision.

  • When sending to a new Enlocked user, now instead of 2 messages being sent — the introduction to Enlocked with new user instructions, and the actual encrypted message — we are just sending one message with the intro at the top.  We saw that some first-time users were sometimes confused by 2 messages or skipped to the second one with the interesting subject, and never got the information on how to read the secure email.  The key to making this work for our existing users, was to hide this text if you already have a plugin or app installed, so every message doesn’t have the introduction at the top if you don’t need it.
  • Some potential new users weren’t sure why the sender was going through the effort to encrypt, and whether the contents of the message were worth the effort to retrieve it (even though the effort with Enlocked is pretty minimal compared to other encryption systems!)  So, to provide a little more information to new users, now senders can write their own “custom” introduction that is sent in the clear, above the encrypted content.  This allows senders to tell the readers a bit about what is in the message, in their own words.
  • A major redesign of the Enlocked Anywhere interface.  For a lot of first time Enlocked users, they just really want to read that first message.  They aren’t sure they want to install a plugin, or download an app… at least not yet.  And some users are utilizing an email client or provider that is not yet supported with an Enlocked plugin.  The Enlocked Anywhere web interface was created just for these reasons, but if we are honest with ourselves, it was always there as a “backup” and so we had not worried too much about the user experience.  We fixed that, with several changes that just make it a much smoother to read that first message.

We’re already seeing positive results from these changes, and we’d love to hear your thoughts.  Are there other things you think we could do to improve the system?  If you would like to submit feedback, you can use the new community forum on the Enlocked site, or if you would rather share your thoughts privately, drop us an email.  You can even encrypt it :-)

Well, if you’ve been poking around in Enlocked Anywhere, you may have noticed a new capability we’re testing and expect to officially announce shortly.  We call it Ensafe, and it lets users encrypt messages in their Gmail account even if they were originally sent in the clear (yes, right now it is Gmail only… stay tuned if you use another email provider).  So, all those older emails that you want to keep for your files, but would rather not have anyone read if they hacked your account, can now be easily encrypted.  Or, if someone sends you a message that contains sensitive information, put it in an encrypted folder and even Google administrators won’t be able to read it (nor someone who borrows your phone and opens up your mail).

To set up Ensafe to encrypt a “folder” (or in Google language, messages with a certain “label”), for now you will need to go to the Enlocked website and use the web interface, Enlocked Anywhere.  Simply click on the “Lock” icon above your messages.  This will take you to the Ensafe configuration page. Now, simply select the folders you want to encrypt.  It’s that easy.  If a folder is currently encrypted you can simply uncheck the box and the messages will restored to their original state.  In a future update of our browser plugins and mobile apps, we’ll provide the ability to manage Ensafe from the client side.

Note that for performance reasons, the encryption task will be done in the background, and depending on the size of your archived folder it may take several minutes, or even longer.  Also, there are certain system folders / labels that cannot be encrypted with Ensafe, including your Inbox, Sent, Trash,  and Drafts (notice in the screen shot above, they are grayed out).

We’re excited to release this new capability… and are thrilled with the reception it is already receiving from several of our users who have either asked for such a feature and have been beta testing it for us, or found it on their own and figured it out.  Let us know what YOU think…

Some of our more adventurous users have already discovered the secondary password feature. For those that may wonder what it is, or if you even need it, this post will give you an overview and then you can decide whether to set it up on your account.

First of all, to find the optional secondary password, you will need to use the Enlocked web application. Go to the Enlocked website, and click on Enlocked Anywhere in the menu bar. The system will ask you to authenticate yourself (unless you already did recently), and once you do, Enlocked displays your recent encrypted email messages.

To set up your secondary password, click on the “gear” icon to get to settings, and then you can check the box next to “Use a secondary password”.  The system will ask you to enter and confirm the password you want to use, and to set up a security question / answer in case you forget your password later.

So, now that you know how to do it, let’s go over why you might want to use this in the first place.

Read More

Since our announcement, we’ve heard from a lot of people who just didn’t realize how insecure their personal email really was. They’ve been assuming that as long as nobody knew their email password, or their recipient’s, it should be safe.

But, that assumption is simply wrong.  One of the things that makes email work so well, is that you don’t need to know anything about what the other user(s) you are sending to have for an email system, or anything about the network in between. The message just gets there. And the reality is that in order for that to work, your email is being sent entirely in the clear, readable by anyone with access to the network/servers along the way.

Now, you’re probably thinking that with all the email flying around the internet, who really has time to look for my little message that happens to contain a credit card number, or social security number. Well, the good news for the hackers out there (and therefore, the bad news for the rest of us), is that they don’t have to read everything. The bad guys have a number of ways to automate this whole process:

  • First, they can target specific individuals or companies, only looking at the traffic going into or out of their server.  So, if they know the email address of a financial planner, for example, they can focus on just that email stream.
  • Then they can turn to filtering and search techniques, to flag messages that contain words or phrases like “account number” or “password”, or that have strings in certain formats that are likely to be a social security number (###-##-###) or credit card number (####-####-####-####)
  • More and more, the hackers are just using brute force tools to try to break into email accounts (targeted or randomly), and then once in, they’ll search for messages your archives (sent messages, saved folders, etc) looking for valuable information.  There was an article last week in the San Jose Mercury News about someone who had this happen to them. The Stratfor emails accessed by Anonymous and published by WikiLeaks is another example of this threat.

Your archived messages are actually even easier for some people to get to. The system administrators on your email servers can access any message they want. While service providers try to screen employees to prevent this insider threat, it does happen. And of course, if someone steals your laptop or smartphone, any messages stored in the clear are readable. You might even use the browser save password feature so that if someone can get onto your system, just by going to your email site (you likely even bookmarked it for them!) they will be logged in automatically. And how many of us have old email archives saved as an outlook .PST file, just waiting for someone to open???

Encrypting your email helps with all of these. Even in the worst case of an admin being able to access your email, if it is encrypted they won’t be able to read it. And if that admin tries to reset your password to gain access to the enlocked keys, if you’ve used our secondary password feature your even protected from that.

Slavik Markovich, a board member and investor in Enlocked, and also a chief technology officer over at McAfee, posted a really nice overview about his thoughts about our solution.  Thanks, Slavik!

Cool. We formally launched the Enlocked service yesterday.  It still says “beta” on the web site, but hey, so did Gmail for the first few YEARS.

You can read the press release here and we’ve already received some nice coverage on All Things D. We’re very happy to see user registrations climbing rapidly.

We’d like to thank those of you who participated in our early testing, and hope you will continue to enjoy Enlocked. We got many positive responses from people who were thrilled to finally have access to a simple solution for email security. We knew that people cared about their privacy, but just couldn’t go through all the work to get software installed on all their devices.  And then expect the people that get their messages to do the same just to read it.

The great thing about enlocked is that once you read the encrypted email sent to you, you can use enlocked easily - just look for the “send secured” button added to your email client (in iphone you need to use the enlocked app to compose emails) and send your secured email to anyone - even if they don’t have enlocked yet!

Please send us any feedback or ideas you might have, our goal is to help you send and receive secured email to and from anybody on all of your devices – we really want to know how we are doing.

Thanks all for helping us make it a great product launch!

You use email to communicate with family, with service providers (doctors, lawyers, accountants), with business associates.  But, we’d bet that at least a few times a week, you choose NOT to send something via email, and for that sensitive piece of information you use some other method.  Even a fax is safer than email in some ways (our next blog will talk about how email is easily breached) as a fax is at least only readable at the sending and receiving site.  More likely, you’re calling someone to provide that private information directly, slowing you down, creating the inevitable phone tag.  And then they write it down anyway, for anyone to find.

screen shot of send secured button

Wouldn’t it be nice if you could use email to send that message, knowing it couldn’t be read along the way, it couldn’t be read if someone stole your laptop or smartphone, and it was no more work to send or read an encrypted message than a plain text one?

Then, they could save that information in their email, knowing it was safe, but also knowing it was accessible the next time they needed it.  For most of us, email has become our primary communication vehicle, yet it is still one of the least secure channels.  More on that in our next post.

— Andy Feit, VP of Marketing

Welcome to enlocked!  We’re in the final stages of our initial product development and are preparing for official launch shortly. So stay tuned.

My name is Guy Livneh, co-founder and CEO of enlocked, and I wanted to share some of the thinking behind the company with you in advance of our first release.

We got the idea for enlocked, when a few of us with pretty serious security backgrounds, realized that whenever we wanted to provide someone with a sensitive piece of information, we were all avoiding email.  We knew we could install some software (we know those solutions well), and work out the keys, but it was just easier to call and tell someone the password, or the account number.  Of course, then they would write it down, and who knows what they’d do with that paper!  For long messages, like a list of servers, usernames, and passwords, this is hardly convenient. Sending out entire documents was even more problematic, as there’s no easy way to do this over the phone (so we resort back to faxing and again – papers and time wasting issues).

If only it wasn’t such a hassle to set up email encryption.  If only it worked on all my devices (my iPhone, not just my laptop).  If I didn’t need to worry about what the recipient used for their email, browser, client, mail server, etc., etc., etc. to make sure it’s compatible.  If it worked as easily as Gmail, or Outlook, or an iPhone app – now that would be nice. Oh, and since I want to send secure emails to many different types of people, it should be easily used by everybody (and that’s a first for email security).

Well, that’s what we’re building…

— Guy Livneh, CEO

Simple email encryption, that works with all your devices… oh, and it’s free!
Welcome to Enlocked

Versions of Enlocked are available for nearly every device, including PCs, Apple iPhone / iPad, Android phones and tablets, and BlackBerry (coming soon).