01 Jun What is E2E Security?
End-to-end security also referred to as end-to-end encryption involves applying encryption to information on one device before the information is sent to another device and is de-encrypted. Essentially, end-to-end security allows for information to be securely sent from one device to another. It is the form of encryption used by major messaging apps such as WhatsApp and Signal to help keep your information secure.
Alternative methods to end-to-end encryption do exist ranging from no encryption at all whereby information is sent in a form that anyone can understand, to encryption-in-transit which is similar to end-to-end encryption except the message is un-encrypted and re-encrypted at an intermediate server. Both these methods allow for the information to be compromised with varying difficulty. With no encryption, data can be intercepted and understood at any point in its journey to the end receiver. Encryption-in-transit allows for the intermediate serve to receive and un-encrypted information, hence becomes a weak link in the chain.
Hence, the main advantage of end-to-end encryption is that it is the most secure way and is equitable to sending a letter in a safe that only the receiver has the key to. Now it is important to note that not only can no one access the data being transmitted but, they also cannot change the data being transmitted. This is because it is impossible to predict how a system will re-encrypt changes to a message making it clear that alterations were made.
Despite the benefits of end-to-end encryption, limitations remain. The context of your message will remain unreadable to servers, however, the server will have a record of a message being sent and received between the parties involved. Additionally, end-to-end encryption does not protect against malware on your devices. Hence, if your device itself becomes compromised, the attacker will gain the ability to read, receive and send new messages whilst your device worries about encryption. This also means if the individual you are communicating with has their device compromise, any information you send is also compromised.
In summary, the technology we have today is incredible, but not infallible and this is why you should always consider the detail of information you send over any messaging service to ensure everything important remains secure. Yes, this means that it is still not safe to send passwords in messages.