PGP Encryption in Cybersecurity: Still Used in 2023?

Users send more than three billion emails every day. That’s far too many to count over a year – but it only takes one leaked message to cause trouble. That’s why you should use encryption. There are many choices, including PGP – but is PGP still used in 2023?

PGP (short for Pretty Good Privacy) is an encryption security program used to protect messages and files as well as provide digital signatures. It’s still widely used in 2023, though certain security analysts believe it’s time to choose other options because of several issues.

Does old age make encryption software risky? It’s difficult to choose whether to stick with PGP or let it go, especially when there are few secure alternatives on the market. You should understand what PGP is, its benefits and cons, and what alternatives are available before choosing.

What’s PGP?

Pretty Good Privacy (PGP for short) is a software program used to encrypt and decrypt email messages and files as well as provide digital signatures to authenticate the identity of the people you’re talking to.

PGP first appeared in 1991 and has spent a handful of decades as one of the best ways to encrypt your emails. It’s been the go-to option for journalists and other users handling sensitive information (or wanting to protect their privacy).

This software uses multiple keys to protect and encrypt information from unauthorized third-party access. PGP is also faster than your average encryption protocol, making it a secure and efficient way of handling privacy.

Main Features of PGP

  • Email Encryption. The number one reason why people use PGP is to encrypt their emails. You can do so too! It doesn’t matter if you’re a journalist handling sensitive information or a person who doesn’t want third parties to snoop in: you can always encrypt your messages using this protocol and have peace of mind.
  • File Encryption. Another great feature of PGP is encrypting files. Sure, you can send information over email and protect it against hackers – but you need to do the same for the files on your computer. Fortunately, PGP can help you with that, and most experts agree it is borderline unbreakable.
  • Digital Signature Verification. Handling sensitive information is far from easy. You still have to deal with making sure you’re talking to the right person on the other end, even if you are encrypting your files and emails to be safe. PGP allows users to create a unique digital signature, so you can be sure you’re talking to the right person.

4 Benefits of Using PGP

1. Seemingly Unbreakable Algorithm

It’s almost impossible to break the PGP algorithm. Hackers have tried to get past this encryption but have had few results to show after decades’ worth of going at it.

That’s why journalists, politicians, and other privacy enthusiasts choose PGP. Does that mean it’s completely unbreakable? Of course not! All software becomes vulnerable sooner or later. However, after more than thirty years, it seems to be getting harder and harder to make that happen.

Certain vulnerabilities were discovered in the past, but none were strong enough to render PGP useless. You can learn more about them at the bottom of this article.

2. Industry Standard

Did you know PGP is an industry standard? It first appeared in the early 90s – and continues to be the go-to choice for email encryption nowadays!

People use it less than before because most communication has gone mobile, though that doesn’t mean PGP isn’t an incredible option to consider.

In fact, that 30+ year run could only happen because the competition is not up to the task. PGP can encrypt your emails faster and better than any alternatives on the market. There are some downsides to using PGP, and we’ll detail them below.

3. Easy To Learn

PGP is far from user-friendly but is easy to use once you have the basics down. That’s one of the best things about it: it’s fast and not that complicated to learn.

However, that doesn’t mean you should try to learn on the go. That will bring you more trouble than it’s worth. We highly recommend sitting down, reading documentation, and watching a tutorial or two before going down the PGP route.

We’ll explain below what happens when you dive head first to encrypt data using PGP without going through the learning curve. It’s not pretty.

4. Helps With Your Data Needs

Are you worried about data loss? What about the other way around, making sure you permanently delete data? You don’t have to worry about that when you use PGP – because it’ll help you with your data needs.

You can expect PGP to protect your emails from interception or someone messing with data in transit, but most people don’t know PGP can help you delete data (which isn’t as easy as you’d think, especially with so many recovery software options available) and recover things that you thought were lost forever.

Having these features doesn’t mean you should rely on them, though. Always have backups at hand!

4 Cons of Using PGP

1. Far From User Friendly

PGP is fast, efficient, and secure. It’s easy to learn if you’re tech-savvy, but it won’t hold your hand if you don’t know what you’re doing. You may find yourself hitting a wall if you haven’t used this type of software before.

What does that mean? Users tend to use apps that are ready to go out of the box. PGP demands a little time before you can take a deep dive. It’s not a fun user-friendly experience unless you know what you’re doing.

Are you planning to implement PGP in your company? We highly suggest you invest money and time into training anyone who’ll use this protocol. Otherwise, you’ll find your workers making plenty of mistakes, which may create huge security holes.

2. Prone to User Mistakes

Users will be prone to making mistakes if they don’t fully understand how PGP works. Other software will take your hand and guide you through the process, up to the point of stopping you if you’re about to make a mistake. PGP doesn’t work that way.

To make matters worse, if you’re not aware of what you’re doing, you’ll create huge security holes without knowing it. As we’ve stated above, we believe using PGP is not difficult and doesn’t have a steep learning curve. However, you have to take the time to learn how to use it first.

You may not have the time and energy to do so, and that’s okay. We have a handful of PGP alternatives waiting for you at the bottom of this article.

3. Not Anonymous

Most people using PGP want to stay anonymous – but that’s not possible when using PGP. This software will encrypt your email message but leave everything else out in the open, making it slightly easier to trace you.

For example, take the email subject line. PGP will not encrypt it, so it’ll be out in the open for anyone to see. You can’t solve this issue – but you can work around it: don’t put any sensitive information on the subject line when encrypting emails using PGP.
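The Python example below, added here and not part of the original article, parses a constructed sample email and reports which headers stay readable when the body is PGP-encrypted. The header list, the NEUTRAL_SUBJECTS policy set, and the sample addresses and subject are assumptions made for the example.

```python
from email import message_from_string
from email.message import Message

# Headers a mail server or on-path observer reads even when the body is encrypted.
CLEARTEXT_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")
# Assumption: subjects this example treats as carrying no information.
NEUTRAL_SUBJECTS = {"", "...", "encrypted message"}

def is_pgp_encrypted(msg: Message) -> bool:
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored PGP message."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP MESSAGE-----" in body:
                return True
    return False

def audit(raw: str) -> dict:
    """Report what stays readable outside the encrypted body."""
    msg = message_from_string(raw)
    exposed = {h: msg[h] for h in CLEARTEXT_HEADERS if msg[h] is not None}
    encrypted = is_pgp_encrypted(msg)
    subject = (msg["Subject"] or "").strip().lower()
    return {
        "encrypted_body": encrypted,
        "exposed_headers": exposed,
        # An informative subject on an encrypted mail leaks content in the clear.
        "subject_leak": encrypted and subject not in NEUTRAL_SUBJECTS,
    }

# Constructed sample: the armor body is a placeholder, not real ciphertext.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: Merger term sheet draft v2
Date: Mon, 06 Mar 2023 09:15:00 +0000
Content-Type: text/plain; charset="us-ascii"

-----BEGIN PGP MESSAGE-----

(constructed placeholder for the encrypted payload)
-----END PGP MESSAGE-----
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

Even with a neutral subject, the sender, recipient and date headers remain visible, which is why the article calls PGP "not anonymous".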

You can further improve your anonymity efforts using Tor and similar protocols. Users often tend to trust VPN companies – but remember you’re sending all your information to them, so ask yourself if you feel safe doing that beforehand.

4. Compatibility Issues

One of the biggest problems with PGP comes in the shape of compatibility issues. We’re not talking about having trouble using PGP plus something else – but about using a version of PGP that’s slightly older than the one the other party is using, or vice versa.

Simply put, PGP clashes with older versions of its own software. You may have trouble sending a message to someone using PGP if your versions aren’t an exact match.

You can probably tell why that’s such a problem. Fortunately, it’s one you can easily fix: update your software – and update it often. Doing so is one of the recommendations we often give users because it’s a big part of following cybersecurity best practices to stay safe.

Is PGP Outdated?

PGP could be outdated or not, depending on who you ask. Several security experts have voiced their concerns over certain issues regarding PGP, including the latest EFail vulnerability, though other analysts have considered these issues to be blown out of proportion.

Let’s say PGP is far from outdated for the sake of argument. It still is a bad idea to put all of your eggs in one basket. In other words, you shouldn’t rely on PGP alone to encrypt your communications, especially if you’re handling sensitive data.

What do we recommend? Continue reading this article and find out about the PGP alternatives we have listed below. Mix them up and change the way you talk to friends, family, and colleagues if you’re worried about privacy. Become a harder target to hit that way!

When Will PGP Stop Working?

PGP will stop working under two scenarios: first, someone discovers (and makes public) a massive vulnerability; second, the company that owns PGP decides to stop updating it. Neither of these things has happened so far, so PGP continues to work.

The first scenario would be devastating. A hacker or security expert finding a catastrophic flaw would end PGP encryption while potentially making it easy for hackers to decrypt messages that were already sent.

The second scenario is milder, though far from ideal. PGP is owned by Broadcom Inc., so it would be up to them to decide to stop supporting PGP. More often than not, companies give plenty of time for users to adopt another option, so it’d be bad but not terrible.

3 PGP Alternatives

1. GnuPG

GnuPG (or GPG for short) should be your go-to PGP alternative if you’re looking for an open-source option that will grant you privacy the same way PGP would. In fact, GPG first appeared as a response to a company purchasing PGP (making it proprietary software).

You can establish secure communications using GPG, though you should always mind your password. Creating a strong password will be the difference between having private conversations and having a hacker share your messages with the world.

How can you create a strong password? Make sure it’s more than 10 characters long, features different characters (e.g., numbers and exclamation points), and never reuse it.

2. Signal

Signal should be the go-to option for encrypted communications. Keep in mind this isn’t an email encryption service but a messaging service. We recommend this option and a similar one below because most people use their phones more than they send emails.

Is Signal secure? Absolutely! The Signal protocol is an industry standard. In fact, we’ve seen hackers attempt to breach Signal before, but they didn’t get far. In contrast, similar attacks were widely successful for other apps.

You can see who uses Signal if you need further proof that this is the best option available: WhatsApp adopted the Signal protocol a long time ago, and Google uses it too.

3. Telegram

Telegram is another way to handle encrypted communications. It’s user-friendly, available for most phones, and will cause you zero trouble connecting with other people, as this app has more than 500 million users.

This app is secure for most uses by default, though you can make it even better at stopping people from snooping around by enabling certain features. For example, using the Secret Chat feature will help you improve your security efforts.

Keep in mind Telegram is secure but not 100% anonymous: the company running the app will store metadata and other information for a year. They do so because law enforcement requests it.

Conclusion

PGP is still widely regarded as an industry standard, though some analysts have voiced their concerns about its widespread use in recent years. Certain alternatives, such as GPG and Signal, are available, but whether they are better or not is up to the user.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.