
It's still stored unencrypted, which is not the ideal state for a password at rest.


Absolutely. I use 1password, and it's hard to beat - encrypted, well organized (certainly better than searching Gmail for e-mails from myself!), and it syncs the encrypted store to Dropbox so I can have it on multiple computers.


Your password is 1password too?


Why do you assume that messages in a Gmail box are stored unencrypted?



That adds nothing but poorly contrived speculation.

Further, the general notion that email is predominately insecure is often wrong-

- TLS is used for most transports now.

- Email seldom transits through intermediaries (in the less connected world most had layers of smarthosts that were intermediate steps. Now almost all email is sent from origin organization directly to the destination organization, only diverging for highly secure intermediaries like Erado).

I still wouldn't ever imagine emailing yourself passwords (email yourself an encrypted spreadsheet sure...to refute another comment, encryption in Office 2007+ is more than adequate) and the like, but just needed to address the hysterics about email.


Gmail has been revamped so that China, with a fuck-ton of resources and desire, cannot get into it. They hired the NSA to help them. Maybe it's no longer secure from the NSA, but it is from everyone else.


I didn't know the NSA was available to hire.


http://rt.com/usa/news/nsa-epic-foia-court-413/

FWIW, I know security folks at Google and NSA. Google definitely wins the talent war.


My objection was principally to the notion that the NSA is just some 3rd party security consultancy one calls up. Whether there was or was not a partnership that can or cannot be confirmed or denied, who knows, but lacking verifiable evidence, I'm just as likely to believe the NSA's advice was along the lines of "use a firewall and an IDS".


>My objection was principally to the notion that the NSA is just some 3rd party security consultancy one calls up.

When one is Google, it is. Not to mention that NSA very much cares for the trillions of information Google has to offer them and their continuing compliance.


Source?

It's very hard for me to imagine truly trusting that China cannot get into Gmail. Even if you have a great source. :-P


In late 2009, China tried to get into Gmail. According to the forensics done at the time, they managed to compromise 2 accounts. And even then they only managed to read subject lines but not email contents for those accounts.

Google detected them, locked them out, identified over 20 other companies that had been compromised and notified all of them. Furthermore getting compromised was a wake-up call - they immediately took a lot of steps to improve their own security.

See http://techcrunch.com/2010/01/12/google-china-attacks/ for verification of some of this.

So China went after the easier target - users. Users are easy to compromise.

Therefore in 2011 Google notified hundreds of users (including many members of the government) that their accounts had been compromised by China. See http://www.foxnews.com/scitech/2011/06/01/gmail-compromised-... for verification.

Note that this time Google's infrastructure was not targeted. Just end users and still Google tracked it down and notified people.

No system is perfect. I guarantee that Google knows this. But Gmail has a far better claim than any other email system I know of to being able to beat Chinese hackers. (That said, I'm sure that China has not given up.)


But, these are just the incidents we know about. Plus, if the email isn't encrypted, many Google employees potentially have access, which throws the door very wide open.

Also, wasn't Google tracking everyone's movement everywhere, on Android? This is not a company I trust.


From TC link: "We are telling you this because we are committed to transparency, accountability, and maintaining your trust."

You'd think, if that were true, Google would indicate somewhere that, yes indeed, they do encrypt your email.


Have you thought of the operational costs of both encrypting email and still being able to support efficient searching of said email?

It really makes more sense to store unencrypted, and then secure access. The difficulty that motivated and well-prepared attackers have had in getting access demonstrates that they have done a very good job of securing access.


This didn't happen that long ago.

Gmail was broken into by someone representing the Chinese government. Google fully admitted to this. This admission did not seem to hurt their rep. They would probably admit to it if it had happened again.

Google soon thereafter asked the NSA to help them out with security.

http://www.washingtonpost.com/wp-dyn/content/article/2010/02...

http://www.nytimes.com/2010/02/05/science/05google.html

I am not saying that it's impossible for China to get in, but I'm sure it's a whole lot harder.



