The company behind the password manager Dashlane introduced a new service earlier today that scans your email inbox for sensitive information to inform you about them
Sometimes, passwords or other sensitive information may be sent over email. This may be a regular occurrence at work for example depending on policies there but happens as well when you request a new password to be sent to an account’s primary email address.
Regardless of why passwords and other sensitive data end up in emails, it is important to know about this as email is not secure unless you are using encryption.
From someone else spotting an account password by looking over your shoulder over snoopy system administrators or teachers to attackers who record network traffic; there are numerous scenarios where someone else might get their hands on passwords and other sensitive information in emails.
Dashlane’s service scans the inbox if one of the supported email services for sensitive information. The service supports Google, Hotmail (Outlook), Yahoo and Aol currently.
The main issue that I have with services that request access to emails is that I dislike the idea of my emails being scanned by a third-party. The company who does that may be the most trustworthy company in the world but I still would have a bad feeling about this.
Good news is that you don’t need Dashlane’s Inbox Scan to check your email inbox for sensitive information. What you do need though is time and a good list of search words that you scan your inbox for.
If you take Gmail for example; all you have to do is enter the same search terms that Dashlane uses to find sensitive information.
Examples are “password”, “credit card”, “pin”, “budget” or “confidential”.
Once you have that list, all that is left to do is search on Gmail for these words. The service scans email subject lines, body and plain text attachments automatically.
The list that is returned may be large. The only option you have then is to go through all mails one by one to determine whether it contains important information or not.
If the email service supports it, it is suggested to use the OR search parameter to search for multiple terms at the same time.
Instead of searching for password, pin, pass and login, you could run the search password OR pin OR pass OR login instead. The main advantage is that you eliminate duplicates that may be displayed to you when you search for the terms individually.
One additional benefit of searching for sensitive information manually is that you are not limited to the four services that Dashlane supports. Simply run the searches in desktop email clients like Thunderbird or other online mail services that Dashlane does not support at all.
Dashlane’s solution has its advantages as well. It is semi-automated which means that you don’t need to come up with a list of sensitive words you want to search your emails for.
One question remains unanswered: what do you do when you find sensitive information in emails? It is relatively easy when it comes to passwords. Just make sure that the password is no longer valid. If it is, change it immediately to avoid any future issues.
You may want to backup and remove other sensitive emails or attachments. That’s however only the initial step as you may need to contact the sender to find a different medium for communication.