E-mail correspondence at Penn State will get just a little bit safer by the time the spring 2005 semester arrives. By January 25, faculty, staff and students will be required to check e-mail via a secure-only connection using Secure Socket Layer (SSL), software that encrypts data as it is transmitted over the Internet. Once an e-mail client (such as Eudora or Mozilla) is configured to use an SSL connection, SSL encrypts or "scrambles" a user’s Penn State Access Account userid (user I.D.) and password when he/she checks e-mail via mail.psu.edu or email.psu.edu and also encrypts the messages as they are downloaded from the e-mail servers to an e-mail client on the user's local machine.
Using SSL, as well as other methods for securely checking e-mail, have previously been optional choices for Penn State community members, but on January 25, 2005, configuring SSL will be mandatory for all students, faculty, and staff. (Individuals who use Penn State WebMail exclusively, however, do not need to participate, since WebMail is automatically configured to use SSL for sending and receiving e-mail.)
According to Kevin Morooney, senior director within Information Technology Services (ITS), Penn State's ultimate goal is to eliminate sending all data and passwords "in the clear" (or without encryption) in order to better protect computer users from crimes like identity theft, e-mail fraud and electronic eavesdropping.
"The Internet is not a secure place," Morooney stated. "In some instances, when individuals check e-mail using software such as Eudora or Outlook, their Penn State Access Account userid and password are sent over the Internet and could potentially be stolen. Someone who knows your userid and password can read your e-mail, view your grades, access personal financial data, and even change your classes. Requiring this new technology will significantly reduce the risk of someone's password being compromised."
ITS implemented SSL encryption on the University's mail servers in the early fall and is now in the position to require that all students, faculty, and staff configure the necessary SSL settings on their e-mail clients over the coming months. (Information on how to set up the correct SSL settings is available at: http://helpdesk.psu.edu/email/sslconfig.html.) ITS staff members emphasize that it is critical for all students, faculty, and staff to make the recommended SSL changes outlined at the Web site above, or they will not be able to send or access e-mail after January 25, 2005.
Many computer experts country-wide strongly encourage the use of SSL for e-mail communications whenever possible, citing that it's usually very easy to make the required e-mail software changes-and that the effort is well worth the greater security Internet users receive as a result.
In addition, students, faculty and staff can use the SSL encryption process regardless of whether their e-mail message recipients use it, since SSL is transparent to individuals who receive e-mail.
If you have questions regarding how to configure your e-mail software for SSL use, contact the ITS Help Desk at (814) 863-2494 or (814) 863-1035.