Can Someone Decrypt My Webmail Password

by on January 17, 2007

Q: I occasionally check my business email from my home computer via webmail. My husband is in the IT field and he has some kind of password decryption software that he obtained through a previous employer. He has told me on a few occasions that he can get in to anything with this software. Information security is very crucial in my line of work and I don’t want anyone, including my husband, to gain unauthorized access to my email. Could someone possibly access my webmail account using this type of software?

A: Lets first discuss how decrypting a password works. In order to decrypt a password you need to get the encrypted password, which is stored on the server and is used to compare the password the user types in. To decrypt the encrypted password someone would have to gain access to the server that holds the encrypted password. A person would then use software to decrypt the password.

It is very unlikely that someone would be able to gain access to the encrypted passwords on a server. Someone decrypting your password should probably be the least of your concern because if they can get your encrypted password they can probably get your email without knowing your password.

There are other ways someone could capture a password however, such as installing a key logger, which records every keystroke typed on a computer and records it in a file somewhere on the PC for later review/retrieval. There are also other nefarious tools available to the general public on the Internet. I won’t get into detail around these tools, as I don’t want to assist anyone out there to subvert security controls in place.

With determination and some know-how this is a very real possibility that someone can capture your webmail password but it is unlikely that they would actually be decrypting it. If you cannot afford to have your webmail data read by someone other than yourself then you should consider only checking your email from a secure PC. Otherwise there is always the risk someone else may have installed something to monitor your Internet behavior and gain access to your usernames and passwords.