Set a codeword in company emails, to enhance security

A good security measure would be to allow setting a secret code word for email contact, which is then sent with every email from Storj.

4 Likes

Isn’t the wallet address kind of a secret code and wouldn’t it be sufficient to add like the last 6 characters from the wallet address to each email to prove authenticity?

Do you know the last 6 characters of your wallet address? Do you want to check that each time you receive an email? While it’s recommended to have the same address on all your nodes, you may have more than one wallet address configured. Which one should be used?

Such a code word is much more simple and it’s something that only you and Storj know. It’s not my idea, I have seen it with different services that I use.

Not right now as it is not important to know it yet. But if it has some importance I believe it would be easy to remember.
But honestly, remembering is not really required. It is sufficient that you can look it up easily if you are in doubt about the legitimacy of an email.
Of course a custom individual codeword in the email would be more comfortable, but my idea was to use something that is already in place and does not require much additional effort for setting it up and maintaining it.

Can’t you just generate a signature for each email? The recipient can run it through a piece of software and it can authenticate a message. If I’m correct, I think it is called a PGP certificate.

You can, it’s just that no one will check that.

Well, that is the way it is done in the professional environment. There are big issues with code words, but as a simple solution that would work.

I agree and I wish consumer clients would integrate support unilaterally. But unfortunately it isn’t there in most clients. You could do both though, for the most solid way. Yes, code words don’t ensure against tampering with the message in transit. And once they leak, they can be used over and over in fake emails. So far from ideal, but it’s better than nothing. Signatures would not be fooled by either of those issues… but if they aren’t checked by the end user, they are meaningless.

1 Like
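The trade-off described in the post above (a code word does not detect changes in transit and can be reused once leaked, while a signature catches both, but only if it is checked), as an added example that is not part of the thread and is not Storj code. The code word, the message texts and the Ed25519 key pair are constructed for illustration, and Ed25519 stands in for the PGP signing mentioned earlier.

```javascript
// Added illustration, not Storj code. All names and messages are constructed.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const CODEWORD = 'blue-heron-42'; // constructed per-user code word
const { publicKey, privateKey } = generateKeyPairSync('ed25519'); // sender's key pair

// Sender: append the code word and sign the complete body (detached signature).
function sendMail(text) {
  const body = `${text}\nCode word: ${CODEWORD}`;
  return { body, sig: sign(null, Buffer.from(body), privateKey) };
}

// Recipient check 1: is the expected code word present?
function codewordOk(mail) {
  return mail.body.includes(`Code word: ${CODEWORD}`);
}

// Recipient check 2: does the signature cover exactly this body?
function signatureOk(mail) {
  return verify(null, Buffer.from(mail.body), publicKey, mail.sig);
}

function demo() {
  const genuine = sendMail('Your node is offline. See the dashboard.');
  // Changed in transit: text altered, code word and signature left as they were.
  const tampered = {
    ...genuine,
    body: genuine.body.replace('See the dashboard.', 'Log in at the link below.'),
  };
  // Written from scratch by someone who learned the code word; an old signature is reused.
  const forged = {
    body: `Payout pending, confirm your wallet.\nCode word: ${CODEWORD}`,
    sig: genuine.sig,
  };
  const result = {};
  for (const [name, mail] of Object.entries({ genuine, tampered, forged })) {
    result[name] = { codeword: codewordOk(mail), signature: signatureOk(mail) };
  }
  return result;
}

console.table(demo());
```

The code word check accepts all three messages; the signature check accepts only the genuine one, which is why it has no effect in a mail client that never runs it.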

Yes, that is correct; they are pointless if not utilized.

If you notice it has been leaked you just log in and change it.

I was talking about that every SNO sets up his own personal codeword. A leak would only affect some people, if even, maybe only one person.

Exactly… If you notice

I was talking about that every SNO sets up his own personal codeword. A leak would only affect some people, if even, maybe only one person.

Unless it’s leaked from the source. But I agree that it isn’t a massively high risk and having code words is better than nothing. It’s just not as neat as well implemented signatures, if clients checked those automatically.

1 Like

Can’t you just use the + part of the email address?

You can insert a plus sign with a combination of words in your email address. For example, whenever you sign up for a newsletter, you could use mygmail+newsletters@gmail.com. Gmail will not look at what comes after the plus sign in the address so that the emails will come straight to your inbox.

3 Likes

It’s not recommended - it is mandatory.

If you don’t follow the rules, why should they think of a solution for a problem only rule-breakers encounter? 🙂

1 Like