https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605335#M83821 <P>It's not quite that bad - wifi is moderately well encrypted.</P> <P>If you want proper end-to-end encryption I'd consider signing up at <A href="https://protonmail.com/signup" target="_blank">https://protonmail.com/signup</A> - you can get a single email account for free without any adverts etc.</P> Sun, 13 Jan 2019 15:37:50 GMT VileReynard 2019-01-13T15:37:50Z https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605327#M83820 <P>I have known for a long time that Plusnet do not use an encrypted link for connections to IMAP or POP3 email clients but have just had a light bulb moment regarding this shortcoming. Being bored I have had a play with Wireshark. This has brought home to me the implications of a third party getting access to my wireless network. This could be leaked by various ways, for example a quick look (or snap from a camera phone) at the rear of the router is all that's required.</P> <P>Anyway, what I have suddenly realised is that if some-one can connect to your wireless network, every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain test. As the same details are used to access your Plusnet Account, every time emails are checked, in my case Outlook is set to do this every 30 minutes, your account user name and password is being transmitted in plain text for a snooper to pick up. This of course gives them full access to account details, telephone records, any security bolt settings, etc.</P> <P>My solution is to change my wireless password from that on the router label and use my other secure non-Plusnet email account. I have forwarded any emails addressed to my Plusnet mailbox to the other account and deleted the Plusnet settings from my Email client.</P> <P>I note that webmail can be accessed via a secure https link and hence is not exposed to this security flaw.</P> <P>&nbsp;</P> Sun, 13 Jan 2019 14:33:01 GMT https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605327#M83820 Baldrick1 2019-01-13T14:33:01Z https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605335#M83821 <P>It's not quite that bad - wifi is moderately well encrypted.</P> <P>If you want proper end-to-end encryption I'd consider signing up at <A href="https://protonmail.com/signup" target="_blank">https://protonmail.com/signup</A> - you can get a single email account for free without any adverts etc.</P> Sun, 13 Jan 2019 15:37:50 GMT https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605335#M83821 VileReynard 2019-01-13T15:37:50Z https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605336#M83822 <P>Were you running wireshark on the computer accessing the email, or on a different device?</P> <P>It is possible to view such traffic from another device, but perhaps not quite as easy as you suggest.</P> Sun, 13 Jan 2019 15:39:47 GMT https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605336#M83822 ejs 2019-01-13T15:39:47Z https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605338#M83823 <BLOCKQUOTE> <P>every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain test. As the same details are used to access your Plusnet Account</P> </BLOCKQUOTE> <P>That's only true for the default mailbox. You can mitigate the problem by using additional mailboxes instead with their own passwords.&nbsp; When/if you need to access the default one, do it from webmail, that's what I do.</P> Sun, 13 Jan 2019 15:46:51 GMT https://community.plus.net/t5/Plusnet-Feedback/Plusnet-Security-My-Rude-Awakening/m-p/1605338#M83823 MisterW 2019-01-13T15:46:51Z