Breaking news
…and more

Security Comparison: GMX and Tutanota are German email providers. That's as far as the similarity goes.

This comparison explains security details about GMX and Tutanota that are important to protect your email account.

2019-01-11
Email accounts are the gate to your online identity. Linked to several other services - e.g. Amazon, Facebook, Twitter - that offer password resets via email, your mailbox must be secured to the maximum. Should a malicious attacker gain access to your email account, they can take over all other online services that are linked to this email address. When choosing an email service, its security must be considered. This comparison will help you decide between two very different German email services: GMX and Tutanota.

In January 2019 German magazine The Spiegel published a story that GMX and Web.de allow users to register an email address with the word 'pasword' as a password. Such a security setting is completely unresponsible as it puts lots of users at risk. We at Tutanota focus on security, and we were very surprised to learn that GMX and Web.de negelcted their users' security to such an extend. Thus, we found it necessary to investigate further and to shed some light on the security settings of Tutanota and GMX so that people can make informed decisions.

General comparison of Tutanota and GMX

GMX and Tutanota both offer free email services to the public. Tutanota limits free users to 1 GB of free storage while GMX users can increase their free storage to 10 GB by downloading the GMX app.

Another main difference is that Tutanota automatically encrypts all emails and contacts to secure their users' emails to the maximum, which GMX does not. Due to the built-in encryption, Tutanota cannot support IMAP/Pop3, but offers its own desktop clients that also support built-in encryption. GMX, on the other hand, can be used via IMAP/Pop3.

Both services offer paid upgrades that allow adding your own domain, additional users, and more. For more details on usability features, you can visit the homepage of each email provider: GMX and Tutanota.

Security comparison of Tutanota and GMX

Security asset Tutanota GMX
Only strong passwords allowed¹ Yes No
Password hashed on client² Yes No
State of the art brute force protection³ Yes No
Two-Factor authentication⁴ Yes No
Encrypted storage of data Yes No
Easily encrypt emails end-to-end Yes No
Data stored in Germany Yes Yes
No reuse of email address⁵ Yes No
No advertisements Yes No
No ability to read users' emails⁶ Yes No

1) GMX allows 'password' as a password and indicates weak passwords with a green bar. Tutanota also checks your password upon sign-up. If the password is too weak, registration with the chosen password is not possible.

2) GMX transmits the password in clear text to the server. Tutanota hashes and salts the password with bcrypt and SHA256 before transmitting the hash to the servers. It is impossible to derive the actual password from this hash, thus, no one can intercept the password.

3) Tutanota's brute force protection kicks in way before GMX tries to stop unauthorized persons to guess passwords. Tutanota hashes the password with Bcrypt to make brute-force attacks much harder.

4) No option to add a second factor to GMX accounts. Tutanota supports second factors since August 2017 and recommends to use a hardware token (U2F) as this is the most secure 2FA option.

5) GMX Terms state that unused email addresses may be made available for new registrations after 12 months. Tutanota does not recycle unused email addresses for security reasons.

6) GMX reads users' emails (German source). Tutanota stores all data - emails and contacts - encrypted so no third party can read users' emails.

To sum up: GMX started in 1997 when email was still a very young medium. Its level of security has not much improved since then.

Today users must ask for much better security measures because cyber attacks, in particular phishing attacks on email accounts, are becoming increasingly more sohpisticated.

Our online security guide explains three easy steps how everyone can quickly learn how to keep your emails safe from hackers.

Comments

ADD COMMENT