Facebook has made Microsoft look bad with their latest innovation: encrypted email. Facebook probably didn’t mean to do it, but their announcement shows up Microsoft’s lack of proper support for secure email.
First the good news …
Facebook now offers the option to have its maintenance emails, including password reminder/reset emails, sent in encrypted form. That makes them more secure because no-one can read those messages without your private key.
Update your details by logging into Facebook then going to https://www.facebook.com/me/about?section=contact-info
Enter your PGP public key, check the box ‘Use this public key to encrypt notification emails that Facebook sends you’ and Save Changes.
Now the bad news for Outlook users
Hang on … where do you get that ‘PGP public key’ for email received in Outlook? Well you can’t … not from Outlook alone.
For some time we’ve noted Microsoft’s refusal to improve the secure email part of Outlook. They’ve been content with a ‘tick the box’ approach where they say there’s encrypted email in Outlook but do nothing to make it easier to use or more broadly accessible.
One example of that failure is Microsoft’s refusal to support the OpenPGP standard … which is what Facebook, among many others including Yahoo and Google, has chosen to use.
In case you’re wondering, Outlook 2016 has no change in the secure email feature; it looks unchanged from Outlook 2010 and Outlook 2013. Windows 10 also doesn’t seem to have changed much in that regard; there’s certainly no native PGP support.
How to use Facebook secure email with Outlook
To get a PGP public key and be able to read secure emails from Facebook, you need Gpg4Win, which we talked about almost a year ago. Gpg4Win has the components that fit into Windows plus GpgOL, the Outlook plug-in.
While Gpg4Win supports Windows 64-bit editions, the Outlook plug-in is 32-bit only.
You might want to try Outlook Privacy Plugin (not tested), which does support 32-bit and 64-bit Outlook 2010 and 2013.
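Before pasting a key into the ‘Enter your PGP public key’ box, it is worth confirming that the text really is an intact public key block and not a private key or a copy damaged in transit. The following is an added example, not code from the original article, Facebook or Gpg4Win; the function names and the sample bytes are constructed for illustration, and the checks follow the OpenPGP armor format (RFC 4880).

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str) -> str:
    """Build an armored block; used here only to construct sample input."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *rows, "=" + crc,
                      f"-----END PGP {kind}-----"])

def check_pasted_key(text: str) -> str:
    """Return 'ok', or the reason the text should not be pasted as a public key."""
    m = re.search(r"-----BEGIN PGP ([A-Z ]+)-----\n(.*?)\n-----END PGP \1-----",
                  text.replace("\r\n", "\n"), re.S)
    if not m:
        return "no armored block found"
    if m.group(1) != "PUBLIC KEY BLOCK":
        return f"refusing: this is a {m.group(1)}, not a public key"
    lines = m.group(2).split("\n")
    if "" not in lines:
        return "malformed armor: no blank line after the headers"
    rows = [l.strip() for l in lines[lines.index("") + 1:] if l.strip()]
    crc_row = rows.pop() if rows and rows[-1].startswith("=") else None
    try:
        raw = base64.b64decode("".join(rows), validate=True)
        crc = int.from_bytes(base64.b64decode(crc_row[1:]), "big") if crc_row else None
    except ValueError:
        return "damaged base64 data"
    if crc is not None and crc != crc24(raw):
        return "checksum mismatch: block altered or truncated in copying"
    if not raw or not raw[0] & 0x80:
        return "not OpenPGP packet data"
    # Packet tag: 6 bits in new-format headers, 4 bits in old-format ones.
    tag = raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F
    return "ok" if tag == 6 else f"first packet is tag {tag}, expected 6 (public key)"

# Constructed bytes, not a real key: only the first byte (0x99, an
# old-format public-key packet header) matters to this check.
SAMPLE_PACKET = bytes([0x99, 0x01, 0x0D]) + bytes(range(60))
```

This only checks the armor and the first packet type; it does not validate the key material itself, which GnuPG does when the key is imported.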