Opening Echoworx Encrypted Email

Finding a balance between secure email communication and ease of access is crucial. Echoworx Email Encryption provides nine ways to authenticate to balance security and ease of use. Learn about our authentication and access controls here, then schedule a consultation with our experts to dive deeper. Let’s get started.

Accessing Encrypted Email Through the Portal

Echoworx’s Portal delivery option is designed with the end-user in mind. It offers a simple, intuitive interface that doesn’t require any prior knowledge of encryption technologies.

Social Login using OAuth

Echoworx offers a growing list of social connectors, including Office 365, Google, Salesforce, LinkedIn, among others to authorize access to secure emails. Your customers simply log in using their existing social network credentials.

  • Quick and convenient access by using existing accounts like Google or Microsoft.
  • If you're already logged in on the same browser, it's even easier.
  • No need to create or remember another password.

OpenID Connect

If you maintain a customer database supporting OpenID for authentication, you can enable customers to log into Echoworx using their existing credentials. This enhancement streamlines and secures the login experience, eliminating a common source of frustration.

  • The portal seamlessly integrates with you company's online services, allowing users to log in with their existing credentials.
  • Your company retains control over authentication, allowing for the implementation of 2-step verification if desired.
  • Eliminates the need for managing additional passwords.
  • Option to provide basic authentication for users without accounts.

SSO (Single Sign-On)

Leverage your existing web portal to access encrypted email using our Single Sign On API (SSO). With SSO, your customers log in to your portal, using their existing password, and click on a ‘Secure Mail’ button authenticating and granting them access to their encrypted mail.

  • Easily connect the Echoworx portal to your company's portal.
  • Get right into the secure inbox without logging in.
  • No more links in notification emails.
  • Some companies prioritize security by refraining from link sharing.
  • Accounts are automatically created in the portal when required.

2FA (Two-Factor Authentication)

Two-Factor Authentication requires your recipients to first log in to their account, and additionally verify their identity using a secondary code (through Authenticator App, or SMS) before gaining access to their secure messages.

  • Enhanced Security: A compromised password isn't enough for an attacker to access data, adding an extra layer of security.
  • Phishing Protection: Time-sensitive, unique codes provide strong defense, thanks to their one-time use design.
  • Compliance: Many industry standards, like PCI-DSS, require MFA.
  • A variety of 2FA options are available, including Time-Based Ones-Time Passwords (TOTP) codes sent via SMS or email, or Biometric Authentication, providing flexibility.

Fast Passwordless Access with Passkeys

Utilize existing passwordless safeguards, like fingerprint scanners and biometric measures, to validate and permit access to secure messages. Passkeys provide an advanced layer of authentication, while offering a seamless user experience.

  • Offers enhanced security compared to basic authentication.
  • No need for extra verification steps.
  • Easy to use on mobile (no need to type in a password).
  • Works with cloud services like Google accounts or password managers.
  • Can be set up as needed.
  • Users can switch back to using passwords if passkeys aren't an option.

Sender-Set Password for Secure Rapid One-Offs

The employee, sender, sets a password and simply clicks ‘send.’ The receiving person enters the password to gain instant access to their secure message and all accompanying attachments, with full save and reply functions. The sender can also include an optional hint.

  • Eliminates registration process.
  • Messages are accessed quickly.
  • Outlook add-in makes it easy for the senders to set up a password.

Out of Band

This method allows users to send an encrypted message with a one-time, per-message password that the sender communicates out-of-band (via phone, in-person or snail mail).

  • Streamlines registration process.
  • Ensures confidentiality as only the intended recipient possesses the shared secret.
  • Messages get there quickly without waiting (no need to sign up).
  • Makes it easy for the sender to set up a password with Outlook add-in.

No Authentication

Allows people outside your organization to send sensitive information securely inbound to you, without having to register an account. You simply provide a link (via email or website) that directs customers to a secure message-portal.

  • Replies are securely sent.
  • All message actions are audited.
  • Senders can recall messages.
  • The message content is kept private from recipient's email provider.

SMS Application or Sender Enabled

When your organization enables SMS for authentication, the recipient receives a message pickup notification by email. Following the link, they are presented with an option to have a verification code sent to their mobile phone via SMS which then grants access to the message and/or attached document.

  • No need for registration or passwords.
  • SMS verification aligns with the strict definition of MFA.
  • Email codes rely on something you "know", while mobile phones are something you possess.

Sender Set

Messages are encrypted with a password set by the sender at the time of sending. The user then receives a notification to login to the portal using a password shared out-of-band between the two parties.

  • Eliminates registration process.
  • Messages are accessed quickly.
  • Outlook add-in makes it easy for sender to set up a password.


User Managed

Using Echoworx’s self-provisioning portal, external users can self-register, set and manage their own password to access encrypted emails. Additionally, they can set language and delivery preferences.

  • No sender involvement required.
  • Universally understood across all demographics, including seniors and high net worth clients.
  • Consistent performance on all platforms and devices.
  • Fully self-service with no need for administrator resets.

Interested in a personalized demonstration? 

Learn more about our sign-in options and advancements in passwordless authentication with a customized demo designed just for you.

Book a Meeting

Security Assurance & Certification Programs