> > So if the webmail link says https (it does, btw) then the > > username and password login information *is* automatically > > protected even on a non-encrypted connection?
SSL (https, closed-padlock icon at the bottom of the page) _is_ an encrypted connection from your browser to that site you are accessing. [http://en.wikipedia.org/wiki/Transport_Layer_Security for technical details on how it works.] If the browser throws up warnings about the certs, don't ignore them. > Again, a much bigger danger is if he uses simple passwords and *types* Are you saying that typing the password is a danger because (a) someone may see you type it hunt-and-peck style or (b) there could be key loggers that can grab the pw? If it is (a), then learn to touch-type and make sure no one is watching when you type passwords. The case of (b) is certainly an issue when you use someone else's computer (ie: internet cafes, kiosks, etc.). But, if you think your own computer has key loggers, then all bets are off. Someone was able to install that key logger without your knowledge and that means he certainly owns your machine. > Someone finding out his email login information is not much of a > threat at all. I'm not sure it isn't a "threat at all." It can be. When you sign up for various online services (banking, video rentals with your CC on file, etc.) one of the options for recovering a forgotten pw is having it e-mailed to you. If a bad guy has access to your e-mail account, he can request a pw, then delete that e-mail before you see it. Yeah, one can get paranoid about these things, but making sure your e-mail account is secure is important, I think. Of course, you can use a throw away yahoo/gmail account when traveling. ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************
