Facebook is offering users the ability to encrypt password reset emails for the first time, using the popular PGP email encryption standard. Users who want to take advantage of the new feature can give Facebook their public key, and the site will then ensure that any sensitive emails it sends out, such as password resets or other notifications, are encrypted. The company will also cryptographically sign the messages it sends, which allows users to verify that the sender genuinely is Facebook.

The encryption standard Facebook is using, PGP (which stands for “pretty good privacy”), is seen as the gold standard of email encryption. The Edward Snowden disclosures showed it to be one of the few encryption standards that national security services had failed to undermine in some way, despite its 20-year history.

The standard is a form of what is called “public key cryptography”, where every user has a pair of keys, one designed to be shared widely and the other to be kept utterly secret. Messages are encrypted using the public key and can then only be decrypted using the private one.
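As an added illustration of the two properties the article describes (only the holder of the private key can read a message sealed to the public key, and a signature lets the recipient confirm who sent it), the Go program below walks through a signed, encrypted password-reset notice. It is example code written for this page, not Facebook's implementation, and it assumes RSA-OAEP and RSA-PSS from Go's standard library as a stand-in for the OpenPGP message format, so it does not produce PGP-compatible output; the key sizes, party names and reset message are all constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyPair models one party's keys: the public half is shared widely,
// the private half never leaves its owner.
type KeyPair struct {
	Private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

// NewKeyPair generates a fresh 2048-bit RSA pair (assumed stand-in for an
// OpenPGP key; a real deployment would use PGP-formatted keys).
func NewKeyPair() (KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return KeyPair{}, err
	}
	return KeyPair{Private: priv, Public: &priv.PublicKey}, nil
}

// Encrypt seals msg to the recipient's public key with RSA-OAEP; only the
// matching private key can open the result.
func Encrypt(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Decrypt opens a sealed message with the recipient's private key. A wrong
// key makes the OAEP padding check fail and returns an error.
func Decrypt(recipient *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil)
}

// Sign produces an RSA-PSS signature over SHA-256(msg) with the sender's
// private key, so the recipient can check the message really came from them.
func Sign(sender *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
}

// Verify reports whether sig is a valid signature on msg under sender's public key.
func Verify(sender *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil) == nil
}

// Result records what each party could and could not do in the exchange.
type Result struct {
	UserCanRead   bool // the intended recipient recovered the plaintext
	SigValid      bool // the service's signature verified on the plaintext
	TamperedValid bool // an altered message still verifies (must be false)
	OtherCanRead  bool // a third party's private key could decrypt (must be false)
}

// Demo runs the full exchange: the service signs and encrypts a reset notice
// to the user; the user decrypts and verifies; a third party tries to read it.
func Demo() (Result, error) {
	service, err := NewKeyPair() // hypothetical email sender (the site)
	if err != nil {
		return Result{}, err
	}
	user, err := NewKeyPair() // hypothetical account holder who uploaded a public key
	if err != nil {
		return Result{}, err
	}
	other, err := NewKeyPair() // hypothetical third party who also sees the ciphertext
	if err != nil {
		return Result{}, err
	}

	// Constructed sample notification; short enough for a single OAEP block.
	msg := []byte("Password reset requested. Link: https://example.invalid/reset?token=CONSTRUCTED")

	sig, err := Sign(service.Private, msg) // sign with the sender's private key
	if err != nil {
		return Result{}, err
	}
	ct, err := Encrypt(user.Public, msg) // encrypt to the recipient's public key
	if err != nil {
		return Result{}, err
	}

	pt, err := Decrypt(user.Private, ct) // recipient opens it with their private key
	if err != nil {
		return Result{}, err
	}
	_, otherErr := Decrypt(other.Private, ct) // wrong private key: expected to fail

	return Result{
		UserCanRead:   bytes.Equal(pt, msg),
		SigValid:      Verify(service.Public, pt, sig),
		TamperedValid: Verify(service.Public, append([]byte("X"), pt...), sig),
		OtherCanRead:  otherErr == nil,
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The message is signed before it is encrypted so that the signature covers the plaintext the recipient actually reads; the final two fields show the failure modes that matter (a modified message does not verify, and a key other than the recipient's cannot decrypt).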
