Any website with a user account system probably has a decent amount of security on the site itself. But have you thought beyond the site? What about password reset emails? Plain email is neither authenticated nor encrypted, yet too often website owners think nothing of sending password reset links, or even plain text passwords, in unencrypted email. By digitally signing your mail you can change that. There are advantages and disadvantages to using a digital ID (an S/MIME certificate) for your website's emails.
Signing your email using S/MIME (Secure/Multipurpose Internet Mail Extensions) relies on the same public key cryptography that HTTPS uses when your browser makes a secure connection to a web server, for example to pay with a credit card. You sign with a private key that only you hold, and recipients check the signature with the matching public key, which is distributed in a certificate issued by a certificate authority, just like a TLS certificate. A valid signature lets the recipient verify that the message really came from the holder of your private key and that it was not altered in transit.
Additionally, the same certificates can be used to encrypt mail so that only the intended recipient can read it: the sender encrypts with the recipient's public certificate, and only the recipient's private key can decrypt. Note that this only works for recipients who already have an S/MIME certificate, which few ordinary website users do, so for a site's outgoing mail signing is usually the practical option. S/MIME is an IETF (Internet Engineering Task Force) standard (the current message specification is RFC 8551), which means it is a recognised standard and most major email clients support it transparently.
If you use a webmail client, you may run into issues. Because of the way public key cryptography works, you need a file called a private key stored on your computer. This file must never be uploaded to the internet or shared, because anyone holding it can sign messages as you and decrypt mail sent to you.
Webmail is a problem because signing your outgoing mail (and decrypting mail sent to you) has to happen wherever the private key is available, and in most webmail setups that means uploading your private key to the provider, which is not recommended. Encrypting a message to someone else only needs that person's public certificate; it is the signing and decrypting steps that need the private key. Generally, if you wish to use signed or encrypted email, use a desktop client such as Mozilla Thunderbird or Microsoft Outlook, which keep the key on your own machine.
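The following script is an added example, not code from the original article. It walks through what the preceding paragraphs describe using the openssl command line: create a key pair and certificate, sign a constructed password-reset message, verify it, show that a tampered copy is rejected, and finally encrypt and decrypt the same message to illustrate which step needs only the public certificate and which needs the private key. It assumes openssl is on the PATH; the self-signed certificate, the subject name, the message text and the token value are all made up for the demo (a real deployment would use a certificate issued by a CA that recipients' mail clients trust).

```shell
#!/bin/sh
# Added example (not from the original article): S/MIME signing, verification,
# tamper detection, and encryption with the openssl CLI.
# Assumes: openssl on PATH. All files live in a temporary directory.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# 1. Create a private key and a self-signed certificate (demo only; in
#    production the certificate comes from a CA the recipients trust).
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Site/emailAddress=noreply@example.com" \
        -keyout "$WORK/site.key" -out "$WORK/site.crt" >/dev/null 2>&1
}

# 2. Sign a constructed reset message. The private key never leaves $WORK;
#    only site.crt (the public part) is embedded in the signed message.
sign_message() {
    printf 'Reset your password: https://example.com/reset?token=abc123\n' \
        > "$WORK/reset.txt"
    openssl smime -sign -text -in "$WORK/reset.txt" -out "$WORK/reset.p7m" \
        -signer "$WORK/site.crt" -inkey "$WORK/site.key"
}

# 3. Verify a signed message against the certificate(s) the recipient trusts.
#    Exit status 0 means the signature is valid and the content is unchanged.
verify_message() {
    openssl smime -verify -in "$1" -CAfile "$WORK/site.crt" \
        -out /dev/null 2>/dev/null
}

# 4. Tamper with one character of the clear-signed body; verification must fail.
tampered_verify_fails() {
    sed 's/abc123/abc124/' "$WORK/reset.p7m" > "$WORK/tampered.p7m"
    if verify_message "$WORK/tampered.p7m"; then
        return 1   # tampering went unnoticed: that would be a bug
    fi
    return 0
}

# 5. Encryption is the mirror image: anyone holding the recipient's certificate
#    can encrypt to them, but only the matching private key can decrypt.
#    -binary keeps the bytes as-is so the round trip can be checked exactly.
encrypt_and_decrypt() {
    openssl smime -encrypt -binary -aes256 -in "$WORK/reset.txt" \
        -out "$WORK/reset.enc" "$WORK/site.crt"
    openssl smime -decrypt -in "$WORK/reset.enc" -inkey "$WORK/site.key" \
        -out "$WORK/reset.dec"
    grep -q 'token=abc123' "$WORK/reset.dec"
}

run_demo() {
    make_identity
    sign_message
    if verify_message "$WORK/reset.p7m"; then
        echo "original message: signature OK"
    else
        echo "original message: signature FAILED" >&2
        return 1
    fi
    if tampered_verify_fails; then
        echo "tampered message: signature rejected"
    else
        echo "tampered message: accepted (this must not happen)" >&2
        return 1
    fi
    if encrypt_and_decrypt; then
        echo "encrypted message: decrypted with the private key"
    else
        echo "encrypted message: round trip FAILED" >&2
        return 1
    fi
}

run_demo
```

The signed output is the clear-signed multipart/signed form that mail clients display as ordinary text with a signature indicator, which is why a one-character edit in the body is enough to break verification. Newer OpenSSL releases also offer `openssl cms` with the same sign, verify, encrypt and decrypt subcommands; the `smime` commands are used here because they are still widely documented.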
There are other pros and cons to weigh up before adopting signed emails (the recipient's client must trust the certificate's issuer, or the signature will be shown as a warning rather than a reassurance), but signing will really improve the trust users place in your website when they see how much you care about their privacy and security.