Encryption is vital to privacy and security. Our privacy is under constant threat from social media, governments, businesses, and otherwise. So, encrypting your web traffic and email accounts is a vital step to clawing back some of the seclusion that was natural just a few decades back.

Email accounts are important. They hold the keys to your digital kingdom as well as personal information. Here's how you encrypt your Gmail, Outlook.com, and other webmail accounts.

Which Encryption Is Best to Protect Webmail?

Before we look at the encryption tools, it is important to understand what types of encryption are available to you when using Gmail, Outlook.com, or other webmail services. You will use either symmetric or asymmetric encryption to protect your data. But what does that mean?

Asymmetric encryption is the most common encryption type found on the internet today. An asymmetric encryption tool involves two separate keys: a private key and a public key. Your public key is just that; public. You can send your public key into the wild because with it, people can encrypt messages specifically for you. When the encrypted messages hit your inbox, you decrypt it using your private key. Unlike the public key, the private key must remain secure at all times. If someone else acquires it, they can unlock your messages. This asymmetric encryption is also known as public key cryptography.

Symmetric encryption is a very secure but more simply encryption method. You essentially encrypt your message using a single cryptographic key, and the recipient cannot unlock your message without that key. Symmetric encryption is also known as secret key cryptography.

Both encryption types have pros and cons. Want to understand more? Here are basic encryption terms you should know.

Encrypting Messages in Webmail

I'm going to list several of the best webmail encryption tools, where you can use them, and how they help you send encrypted emails.

1. Mailvelope

mailvelope encryption extension options

Mailvelope remains one of the best and easiest webmail encryption tools around. It uses asymmetric encryption to secure your emails. The Mailvelope browser extension seamlessly integrates with your webmail accounts in Gmail, Outlook.com, Yahoo Mail, GMX, mail.ru, Zoho Mail, and more.

Mailvelope works directly from your browser. Once you download the app, the Mailvelope icon will appear alongside the address bar. Clicking the icon gives you several options: Dashboard, Keyring, and File Encryption. To get started:

  1. Select Keyring > Generate Key
  2. Enter your name and the email address you want to link to the encryption keys. Next, add a secure, unique password, then select Generate to create your key.
  3. Head to your webmail account and verify your new key by opening the verification email and confirming the unique password from the previous section. Once you decrypt the message, you can select the verification link.
  4. After verification, you receive a link containing your public key. (It is a long alphanumeric string.) You can share the public key with other people so they can encrypt messages they send to you.

You can access the public key from the Keychain option. If you want to send it to someone, locate the key, then select Export and either Display Public Key or Send Public Key by Mail. Once the recipient has the key, you can send them a secure message from your webmail account.

For instance, the Mailvelope icon appears to the top-right in a new Gmail message. Click the message icon and start typing!

mailvelope select key

Download: Mailvelope for Chrome | Firefox

2. FlowCrypt

flowcrypt intial setup page

FlowCrypt is another excellent encryption option for those using Gmail. Like Mailvelope, Flowcrypt syncs perfectly with your Gmail account, allowing to you send email using the PGP encryption standard.

Once you download Flowcrypt, select the Flowcrypt icon alongside your Chrome address bar. To set up Flowcrypt:

  1. Select Create a new key
  2. Create a secure passphrase. (A passphrase is a unique string of words, rather than a password, which uses letters, numbers, and symbols.) Head to Use a Passphrase if you're struggling to think of something---but make sure you make a copy!
  3. Head to your Gmail account. Above the regular "Compose" button is a new option: Secure Compose.
  4. Select Secure Compose and type your message.

A handy FlowCrypt feature is the PK button in the bottom right corner of the email compose window. The PK button adds your public key to the email so that recipients without FlowCrypt can still read your email.

flowcrypt secure compose button gmail inbox

FlowCrypt is available for Gmail on Chrome, Firefox, and Android. Also, you can use the Android app with any webmail app on your Android device, extending the functionality of FlowCrypt to numerous accounts.

However, FlowCrypt is planning apps for Windows, macOS, Linux, iOS, Thunderbird, and Outlook. The iOS version is due for 2019, with the FlowCrypt team looking to extend their mobile functionality before integrating other webmail services in the future.

Download: FlowCrypt for Chrome | Firefox | Android Beta

3. InfoEncrypt

infoencrypt message example string

InfoEncrypt is different from the previous two entries. It uses secret key---symmetric---encryption, rather than public key encryption. That means instead of sharing your public key to let people encrypt messages for you, you must arrange a password or passphrase before you can send and receive secure messages. InfoEncrypt uses the extremely strong AES-128 encryption algorithm, which is one of the strongest available for public use.

InfoEncrypt is extremely simple to use.

  1. Head to the website and type your message.
  2. Enter the secure unique password you have previously shared with the recipient.
  3. Select Encrypt and watch the magic unfold.
  4. Then, copy the ciphertext (that's a text with encryption) to your webmail client and send it.

Your recipient should receive the message, copy the contents to the InfoEncrypt site, enter the password, and select Decrypt.

4. Encryption in Outlook.com

Office 365 subscribers have the option to add S/MIME encryption to their Outlook.com account. Free users will have to stick with one of the awesome options already mentioned. (The free options above are probably easier to use, too.) You also need a personal Digital Certificate for Outlook.com S/MIME encryption, which you can do below.

Obtain a Free Digital Certificate

  1. Using Mozilla Firefox, head to Comodo's InstantSSL site. (You cannot use Microsoft Edge or Google Chrome for this task.)
  2. Scroll down and alongside Trial Certificates select Free.
  3. Enter the details for the email account you want to secure (that you use within Microsoft Outlook). Add a password. Accept the terms of the Subscriber Agreement and press Next, and follow the on-screen instructions.
  4. Head to your email account and open the Comodo collection email. Copy the collection link and paste it into the Mozilla Firefox address bar and press Enter. Enter your corresponding email address. Now, copy the Collection Password from the email into the Collection Password field and press Enter. Your Digital Certificate should immediately begin downloading (it will only take a second or two).
    email security course collect digital certificate
  5. Next up, and still working within Mozilla Firefox, you need to extract the Digital Certificate from the browser Certificate Store. Reason being that the automatically downloaded certificate is in the wrong format. In Mozilla Firefox, head to Menu > Options > Privacy & Security, then scroll down to the Security section and select View Certificates.
  6. Select the Your Certificates tab, then select the Certificate Name for the relevant email address, and press Backup. Select a relevant and memorable filename, then Save the file to a memorable location. You must now create another password. This password is very important. It protects the backup file you are creating, as well as serving as a password when you install the Digital Certificate in another program.
    firefox certificate backup extract

The free certificate will last for 90 days. You will have to renew it after that time.

Chrome Users: Import Your Digital Certificate

At this point, Google Chrome users must import the new Digital Certificate into the Windows Certificate Store. Chrome uses the Windows Certificate Store to validate the authenticity of your Digital Certificate, so you need to import the Digital Certificate to use the Outlook.com S/MIME encryption.

Please note if you are using Firefox, you can proceed to the next section as your Digital Certificate is ready to use (Chrome and Firefox use different Digital Certificate authentication methods).

  1. In Windows, press Windows Key + R, then type certmgr.msc and press Enter.
  2. Highlight the Personal folder. Now, right-click and select All tasks > Import.
    windows certificate manager import certificate
  3. Browse to the backup Digital Certificate location, locate your Digital Certificate, then Open.
  4. Enter the password created during the backup process in the previous section. Now, select Mark this key as Exportable and leave the option to Include all extended properties, then hit Next.
  5. Select Place all certificates in the following store.
  6. Make sure Personal is the folder selection, then hit Okay, followed by Next.
  7. Finish the import. You'll see a notification that the process was successful.

Install the S/MIME Control

Your Outlook.com account uses "S/MIME Control" to manage your encryption certificates.

  1. Open your Outlook.com account in your browser.
  2. Create a new message, select the more options icon (three dots), then Message options > Encrypt this message (S/MIME).
  3. When the "Install S/MIME Control" prompt appears, select Run, verify the Windows Account Control prompt, and select Run

Once you install and configure the S/MIME encryption options, you can use the Gear icon > S/MIME Settings menu to select whether to encrypt the contents of all your messages.

5. Send & Open Confidential Emails Using Gmail

gmail confidential mode settings

Gmail recently introduced "Confidential Mode." Confidential Mode is a way of sending secure messages, within Gmail, using a passcode and an expiration timer. Please note at the current time Confidential Mode isn't available to paid-for G Suite members.

Here's how you use it:

  1. Head to Gmail and select
  2. Alongside the Send button, locate the Turn Confidential Mode On/Off
  3. Alter your Confidential Mode settings; set an expiration date and select if the user requires a passcode to read your email, then select Save.
  4. Send your email as usual.

Recipients cannot forward, copy, or print Confidential Mode emails. Also, make sure you input the recipient mobile number if you use the passcode option. Otherwise, they cannot open your email!

What Is the Best Webmail Encryption?

For me, Mailvelope and FlowCrypt are the two best options for fast and secure webmail encryption. The FlowCrypt Android app certainly extends the functionality of that tool, while you can encrypt a wide range of webmail providers using Mailvelope.

If you're in a pinch, InfoEncrypt is handy, but you do need to work out a secure password beforehand which is a downside.

Unfortunately, there aren't many respectable, secure webmail encryption tools around. That is despite the focus on security, privacy, and data breaches.

Another excellent option is to switch provider entirely. Instead of using a webmail client that may well track and monitor your email contents, switch to a secure, encrypted email provider.