Blog Post

Quick Tip: Enable iChat Encryption for Private Chats

Most of the time what I say on iChat (s aapl) is unimportant and uninteresting and would bore any eavesdropper, but on occasion I need to type a password, a social security number, or an account number and I feel uncomfortable doing that over an unsecured connection, and too often forget I’ve got a great way of sharing such info securely thanks to MobileMe.

Although many of us may have Google Chat(s goog), AOL(s aol), or Jabber accounts, the only way to get an encrypted channel is for both parties to have MobileMe/.Mac accounts.  If you aren’t already using your MobileMe account in iChat, you’ll have to first add it.  Go to Preferences and then under Accounts click the + icon.  Put in the name and password for your MobileMe account and click “Done.”

Next you’ll be presented with a dialog box confirming you want to enable encryption.

By default it’s enabled so you’ll click continue.  If all goes well,  you’ll get a confirmation the encryption certificate was requested and within a few minutes you’ll be good to go.  I recommend quitting iChat and then opening it back up.  Check your account preferences and make sure that it says encryption is enabled.  If you use multiple accounts via iChat, make sure you begin your chat via your MobileMe account rather than one of the other services you use.  I log out of all other chat accounts just so I don’t accidentally respond to the wrong chat with private info.

If you already have your MobileMe account configured in iChat, simply be sure that you go to preferences and enable encryption.  If you haven’t used encryption in a while, it may take MobileMe’s servers a few minutes to enable it.

Once all set up, if you want to tell someone the secrets of the universe, just be sure to look for the lock during your conversation to make sure encryption is enabled.  If it’s not, Apple has some good troubleshooting tips, the obvious one being to make sure the person on the other end also has encryption enabled.

Some caveats with secure iChat is the fact that it only works with Leopard and above, and no encryption system is foolproof, but I’d certainly feel more comfortable giving confidential secure info via encrypted iChat than over any unsecured channel.

3 Responses to “Quick Tip: Enable iChat Encryption for Private Chats”

  1. Personally I dont use ichat because it’s prone to malware attacks.

    Just last week, Apple patched one of iChat’s most dreaded security flaws. The flaw can be triggered when an ichat user clicks a malicious link. When this link is clicked it can automatically run an exe program.

    This is not the end, hackers will still try to break-in and exploit the weaknesses of ichat. I just hope Apple is doing something about this.

  2. Eric L.

    One thing I don’t like about sharing by chat is that the information often ends up in an unencrypted chat log on the persons computer, mobile phone (or both) or in their gmail logs somewhere. So now anything I’ve shared is not so secure!

    I encourage people to use a password manager for this type of stuff, and there are also some neat services that help with passing the data along, like lockify (I’m not affiliated w/ Lockify). It would be great to see a gigaom review of lockify and it’s competitors. Also of the password keepers that work on mobile as well as desktops.

    • Eric,

      I agree and I’ve been burned by that. I 100% have to trust the person on the other end isn’t logging the conversation or capturing it in some way. For those I know that log convos, I ask them to turn it off.

      Password management programs are a good idea and I’ll bring that up with the other writers. Thanks for the suggestion