Don’t get pwned like Sony—use Mixmax Secret Message

Send password-protected email messages from Mixmax

Wednesday, Jan 28th, 2015

Mixmax is a communications platform that brings professional communication & email into the 21st century.

Today we’re adding a new in-email app to Mixmax called Secret Message. It allows you to embed one or more secret (i.e., password-protected) messages inside your email. It’s yet another way that Mixmax gives your email superpowers.

Who can use it?

As with all Mixmax apps, anyone on any email client can read your message (provided they have the password you gave them). Your recipient doesn’t need to install any plugins or extensions.

What is this great for?

Mixmax Secret Message protects confidential material from falling into the wrong hands. Specifically, it:

  • Protects your conversations from security breaches or hacking
  • Ensures privileged conversations aren’t stored on the email servers of your business partners
  • Prevents sharing of your email via forwarding… or even snooping CIOs!
  • Allows you to send “self destructing” messages that expire at a certain time

If only Sony had adopted Mixmax as their corporate email solution before they got hacked

How does it work?

To add a Secret Message, select it in the app picker. You’ll be prompted to add a password that secures your message. Once you choose a password, you can enter your message. Let the recipient know about the password via some other communication channel. You can optionally also set a date that the message will self destruct.

Inserting a Secret Message

When your recipient opens the message they’ll be prompted for the password you provided before they can access the message.


How secure is it?

The Secret Message app uses in-browser “symmetric encryption”, meaning your message content is encrypted entirely in your browser and never passes through Gmail or Mixmax servers in plaintext form. Likewise for your recipient: the message is decrypted using your shared password, entirely in the browser. As an additional measure, messages are viewed on a secure (https://) URL so there is no risk of someone snooping on your internet connection.

Secret Message uses the open-source Stanford Javascript Crypto Library (hosted by Stanford on Cloudflare) to encrypt your message in the browser. Your message is then stored in encrypted form on Mixmax servers. Mixmax never stores your passphrase or has access to your content. Mixmax sends the encrypted contents of the message to the browser when your recipient is ready to view the message. When the recipient enters the password, the message is decrypted using the Javascript library and displayed in the browser window.

If you chose an expiration date for your message, our servers will delete the encrypted message from our database on the date you specify. There is no trace left behind.

As with all shared-password encryption, it is only as secure as the password you choose and how you choose to share it. Remember to never include your password in the same Mixmax Secret Message email.
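The flow described in this section, sketched as an added example that is not Mixmax's code: Node's built-in `crypto` module stands in for the in-browser SJCL call, and the cipher (AES-256-GCM), the PBKDF2 iteration count and the record field names are assumptions, since the post does not state them. It shows what a server storing the message would hold, and that a wrong password or an altered record does not decrypt.

```javascript
// Added illustration, not Mixmax's code. Node's built-in crypto stands in for
// the in-browser library; cipher, iteration count and field names are assumed.
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor

// Stretch the shared password into an AES-256 key. The salt is stored with
// the message; it is not secret, it only makes each derived key unique.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Sender side: returns the record a server would store. It contains no
// password, no key and no plaintext.
function sealMessage(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return JSON.stringify({ salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) });
}

// Recipient side: returns the plaintext, or null when the password is wrong
// or the stored record was altered (the GCM tag check fails in both cases).
function openMessage(password, stored) {
  try {
    const rec = JSON.parse(stored);
    const [salt, iv, ct, tag] = ['salt', 'iv', 'ct', 'tag'].map((f) => Buffer.from(rec[f], 'base64'));
    if (iv.length !== 12 || tag.length !== 16) return null; // refuse truncated tags
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // malformed record or failed authentication
  }
}

// Constructed sample values, for demonstration only.
const demoRecord = sealMessage('correct horse battery staple', 'Q3 numbers attached (constructed)');
console.log(demoRecord);
console.log(openMessage('correct horse battery staple', demoRecord));
console.log(openMessage('letmein', demoRecord));
```

The key-derivation cost only slows down guessing: anyone who obtains the stored record can test candidate passwords against it offline, which is why the strength of the password and the channel used to share it carry the whole scheme.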

Send a secret message yourself by adding Mixmax to Gmail. This is one of the many in-email apps you can create on the Mixmax platform to power up your email. Email us at hello@mixmax.com or tweet us @Mixmax if you’d like to make one of your own!