Skype Security

Protecting your online safety, security and privacy.

If you need to report any suspicious behavior or security problems then please contact us.

If you have found a security vulnerability in any Skype client or online service, please follow the instructions at this link: Report a Computer Security Vulnerability.

What you can do to stay safe

Passwords

Choosing a secure password to access your Skype account is crucial. Hackers use lists of common passwords to access accounts (not only on Skype but across all websites). It is therefore critical that you use a strong, unique password.

  • Use a mixture of letters, numbers and special characters, such as the characters above the numbers on many keyboards: %, $, £ and !.
  • Avoid names as these are easily broken.
  • The longer the password is, the stronger it usually is but the harder it is to recall.
  • Avoid writing your password down by choosing a password you can remember.

So how can we balance good passwords that need to be long and complex with the ability for a human to remember them without writing them down?

There are a number of ways, so why not try some of the following techniques:

Use a sentence as your password
Passwords are limited to 20 characters but you can create a difficult password to crack by using a short sentence. Include numbers in your passwords, so instead of "MyReallyGoodPassword" try "MyR3allyG00dPassw0rd".

Include uppercase and lowercase
"mypassword" is not as secure as "MyPaSSworD" so add in a few capitalisations.

Make the password personal to you
Your password is something that only you should know and not something that someone else could easily find out. For instance, the name of your dog or a favourite movie is something that others might know. With the advent of social networking, a lot of personal information about you is available, so try to think of something that only you know. How about looking outside and describing something you see, such as "The River Flowing!" or "A Yellow caR"?

Unique password per site
We all have large numbers of websites that we have to remember our username and password for but not all sites are created equal. Whilst we at Skype care passionately and invest heavily in your security, unfortunately not all sites do. So use passwords that are unique to each website you use in order to prevent any compromise of those other sites from affecting your Skype account.

Strange and special characters
Including punctuation, symbols and other non-standard characters in your password helps to increase its strength. Take care with spaces, however: only use them in the middle of your password, not at the beginning or the end. For example, "I Really L0ve Skype$" and "^ have a $strong password!!"

Change your password regularly
A password should be considered to live for only a short period of time. Keeping the same password for many years is not recommended, but equally, changing it every day might make it hard to remember! So try to change your password as often as practical, for instance a couple of times a year.

And remember, if you ever suspect your password has been compromised, sign into Skype and change it immediately. Change your password.

Protecting your computer

Viruses can damage your computer and collect your private data, regardless of whether you are using Skype or not. Avoid this by following these tips:

Most viruses these days come in the form of email attachments so don't open attachments from people you don't know, or suspicious-looking attachments even from people you know. When in doubt, always contact the sender to confirm the email is legitimate, even if it looks harmless (such as an e-card or funny picture) at first sight.

  • Always use an antivirus program to check the files you receive from other people, whether by Skype or any other method, even if you know the sender. And keep it up-to-date and running at all times.
  • Use a personal firewall.
  • Make sure you have set your computer to regularly receive the latest security updates and patches. This applies not just to the operating system itself, for instance Microsoft Windows or Apple Mac OS X, but also to applications such as Adobe Flash, Microsoft Internet Explorer or Mozilla Firefox.
  • Be careful which sites you choose to visit and download content from too. Use the official site.

Visit InSafe or Get Safe Online for more information on using the internet securely.

Keeping Skype up-to-date

We'll let you know whenever a new, improved version of Skype becomes available. You can also manually check for updates: on a Windows PC go to Help > Check for Updates, or on a Mac go to Skype > Check for Updates.

Always be very wary of any emails pretending to be from Skype saying a security update is available - we will NEVER do this.

Privacy settings

Some people are very private, whilst others take to the limelight like ducks to water. Skype keeps both kinds happy as our privacy levels allow users to either keep a low profile, or meet new people in the vast Skype network.

To update your settings on a PC, open Skype and click Tools > Options > Privacy. On a Mac it's Skype > Preferences > Privacy. Here you can set your preferences for receiving communications.

We recommend you do not authorise people whom you do not know and/or do not want to talk to.

Profiles

Setting your Skype profile is easy. Your profile acts as your calling card to millions of other people on Skype. You can add your birthday, gender, phone numbers and location - all of which help other people find you.

Your email address is securely stored by Skype and not shown to anyone else. It is used solely to allow friends and family or business colleagues to search for you in the directory.

Things to remember

  • Public parts of your Skype profile can be seen by everyone else on Skype.
  • Do not put details in your profile that you do not want to be publicly available.
  • You do not have to fill in your profile if you do not want to.
  • You can change your profile at any time.

Avoiding online fraud, spam and viruses

Always ensure you trust a website or merchant before giving your credit card information to sites that claim to be reselling Skype products.

You can buy Skype Credit and subscriptions directly from the Skype website. You can also buy accessories safely from the Skype shop.

Never reply to emails that request your credit card details, password or other data. Skype will NEVER request such data by email. Our Customer Support agents may request your payment/order details or ticket tracking numbers for streamlined troubleshooting, but they will never request your credit card data or password.

You can report illegal resellers or parties misrepresenting themselves as Skype by sending an email to us.

Phishing

Phishing is the process whereby a malicious third party attempts to trick you into providing information that they shouldn't have. For instance, someone could send you an email pretending to be from Skype and ask you to click on a link asking you to sign in and check your account.

When you click this link you are then directed to a website that may look like Skype; however, it is being controlled by a third party and when you enter your Skype Name and password they store this information and use it for malicious purposes.

So how do you defend against phishing? Vigilance. Whilst spam filters and other filters are increasingly effective, there are always going to be some emails that get through. But by increasing your awareness and alertness when responding to or acting upon those emails or malicious sites, you can use simple steps to defeat their attempts.

Emails that create a false sense of urgency, for instance "Unless you click this link your Skype account will be disabled" or "Your account has been compromised, click here to view details", are asking you to act in haste without verifying the source.

If an email is asking you to perform an action on your account, don't follow the links in the email but type skype.com into your browser and go to your account directly from the Skype website.

If you arrive at a website through a link or some other redirection, ensure that it says skype.com in the URL and that the web address does not contain additional characters or words. For instance, notskype.com or skype1.com are both invalid web addresses.

And remember, if you do think that your account has been compromised or even suspect it, then go to skype.com and change your password immediately.
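The web-address check described in this section can be written down precisely. The following is an added example, not Skype's own code: it accepts a link only when its host is exactly skype.com or a subdomain of it. Requiring https and refusing embedded credentials, backslashes and non-ASCII hosts are assumptions added here, and every sample URL other than notskype.com and skype1.com is constructed.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "skype.com"  # the domain the page tells users to look for


def is_skype_url(url: str) -> bool:
    """True only if the link's host is skype.com or a subdomain of it."""
    # Browsers and urllib disagree on backslashes and control characters,
    # so refuse them outright instead of guessing which host is meant.
    if "\\" in url or any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased, without port or credentials
    except ValueError:
        return False
    # Assumption: only https links count, and "user@host" forms are refused
    # because the text before the "@" is not the site being visited.
    if parts.scheme != "https" or not host or "@" in parts.netloc:
        return False
    host = host.rstrip(".")
    if not host.isascii():  # lookalike letters from other alphabets
        return False
    # Compare whole labels: "notskype.com" ends with "skype.com" as a
    # string, but it is neither equal to it nor a ".skype.com" subdomain.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links (the first two invalid names are from the page).
SAMPLES = [
    "https://skype.com/",
    "https://login.skype.com/account",
    "https://notskype.com/",
    "https://skype1.com/",
    "https://skype.com.account-check.example/",
    "https://skype.com@phish.example/login",
    "http://skype.com/",
    "https://sk\u0443pe.com/",  # Cyrillic letter in place of "y"
]


def classify(urls):
    """Map each link to True (skype.com) or False (anything else)."""
    return {u: is_skype_url(u) for u in urls}


if __name__ == "__main__":
    for link, ok in classify(SAMPLES).items():
        print("OK    " if ok else "REJECT", link)
```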

Your Skype identity

Identity theft is big business in the criminal world. Your identity has a value and you must protect this to ensure that you don't become a victim. There are a number of controls in place that protect your information and identity when in use with Skype.

When you sign into your account on our site all the information is sent over SSL. SSL encrypts all the information before it leaves your computer and can only be decrypted by our server. This is the technology in place on, for example, your online banking site or when you make a payment on an e-commerce website. When you sign in via Skype itself your information is also encrypted and kept safe from malicious third parties.

Skype also uses a technology called digital certificates to provide further assurance that you are in conversation with whom you think you are. Everyone using Skype is issued this digital certificate and it forms part of the protection that is provided to ensure that your Skype account can only be used by you and helps to ensure that third parties can't impersonate you. Remember, this identity is protected by your Skype Name and password.

More about Digital Certificates.

Your Network and Skype

Skype is a peer-to-peer communications application, which means that it relies on computers being able to directly send information to one another over the internet. As such, Skype works best when users are able to communicate directly amongst themselves over the internet without blocks or interference.

Firewalls are set up to protect computers and networks from outside access, thereby thwarting attacks from potentially malicious third parties on the internet. The presence of firewalls on a user's network often prevents that user from being able to directly receive communications from other users, which can reduce the quality of a voice call.

However, Skype will work fine even if it is behind a firewall. This is because when Skype runs on a network behind a firewall, it connects "outward" toward the internet. Skype does not in any way modify or interfere with the use of firewalls on your network. Whilst allowing incoming connections to Skype could increase the quality of a Skype call, no special firewall rules or exceptions are needed.

Find out more in the IT administrator guide.

What we do to keep you safe

Encryption overview

The internet, like any network, can be monitored by criminals and hackers at any number of points. This is one of the reasons why email and many internet chat programs are not secure. As there are so many ways for unknown persons to monitor your communications, you must take positive steps to protect yourself from these malicious third parties.

Encryption is the process of converting information, using principles of mathematics, in such a way that it is readable only by the intended recipient after they have converted the information back. Many kinds of encryption techniques have been developed over the centuries. This process is called encryption and decryption and forms part of the security discipline called cryptography.

As far back as 1900 BC the Egyptians utilized non-standard hieroglyphs to protect a message, whilst the Greeks in 490 BC used strips of leather wrapped around a staff of a specific length and width. This process of disguising a message is called cryptography. Julius Caesar possibly created and used the world's first substitution cipher. Shifting each letter a fixed amount, for example 'a' becoming 'e', 'b' becoming 'f' and so on, resulted in unintelligible words and messages. The approach of applying rules to a message to produce a separate encoded message is called a cipher. The key to unlocking the hidden message was knowing the offset by which to shift the letters: forward to encode and backwards to decode.

These ciphers, whilst primitive now, were at the forefront of cryptography in their time, but as with any advancement, greater technological resources and knowledge can be used both to further a subject and to work against it. As past ciphers can now be defeated trivially, modern ciphers must also continue to evolve.
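The shift cipher described above, with the same offset of four ('a' becoming 'e'), as an added example that is not part of the original page. It also shows why such a cipher is trivially defeated: there are only 25 possible offsets, so each one can simply be tried. The message and the small word list used to recognise English are constructed for the example.

```python
import string


def caesar(text: str, shift: int) -> str:
    """Shift each letter by `shift` places; a negative shift decodes."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


# Constructed list of very common English words, used only for scoring.
COMMON_WORDS = {"the", "and", "at", "is", "to", "of", "a", "in"}


def recover_shift(ciphertext: str) -> int:
    """Try all 25 offsets and return the one whose output looks most English."""
    def score(shift: int) -> int:
        words = caesar(ciphertext, -shift).lower().split()
        return sum(w.strip(".,!?") in COMMON_WORDS for w in words)
    return max(range(1, 26), key=score)


MESSAGE = "meet me at the bridge at noon"  # constructed sample message
SHIFT = 4                                  # 'a' -> 'e', as in the text
CIPHERTEXT = caesar(MESSAGE, SHIFT)        # forward to encode

if __name__ == "__main__":
    print("encoded :", CIPHERTEXT)
    found = recover_shift(CIPHERTEXT)      # no knowledge of SHIFT needed
    print("offset  :", found)
    print("decoded :", caesar(CIPHERTEXT, -found))  # backwards to decode
```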

Here at Skype we use standard internationally recognized and accepted encryption algorithms that have withstood the test of time over many years of analysis and attacks. This protects your communications from falling into the hands of hackers and criminals. In so doing, we help ensure your privacy as well as the integrity of the data being sent from you to your contacts.

Digital Identity and Encryption in Skype

One of Skype's main goals is to protect you from malicious attackers eavesdropping on your communications. In addition, we want to prevent the kind of impersonation that fraudsters often use over email (for instance phishing) to trick users into giving up valuable personal information. To achieve these goals, Skype issues everyone a "digital certificate" which is used to establish and confirm the identity of both the person placing and the person receiving a Skype call or chat.

What is a Digital Certificate?

A digital certificate is an electronic credential that can be used to establish the identity of a Skype user, wherever that user may be located. Just like a physical identity document, such as a driving license, a digital certificate must have certain properties in order to be used as a form of identification. In particular, it must:

  • Name the specific account being identified.
  • Be issued by an authority that can revoke the certificate at any time.
  • Be difficult to counterfeit.
  • Contain the countersignature of the issuing authority, which, in this case, is Skype.

Authentication

As each Skype user possesses a digital credential, it is possible for any Skype user to verify the identity of any other Skype user. This process is called authentication, the proving of each party's identity to the other. In order to gain access to this digital certificate, your Skype Name and password are confirmed. It is therefore imperative that you follow our guidelines for keeping your Skype Name and password secure.

Authentication is a critical step in ensuring secure communications. Imagine having a conversation with someone who claimed to be a business partner, but who is actually an impostor. The conversation could be strongly encrypted as normal yet the divulging of private information could still occur.

Encryption

Communications networks, such as the internet, can be monitored by criminals and hackers at any number of points. This is one of the reasons why email and many internet chat programs are considered unsafe from a security point of view. In other words, because there are so many ways for unknown persons to monitor users' communications, users must take positive steps to protect themselves from this type of intrusion.

Encryption is the process of encoding a message, using principles of mathematics, in such a way that it is readable only by the intended recipient. Many kinds of encryption techniques have been developed over the centuries, but they all tend to resemble a lockbox and key; once a secret message is put into the lockbox and secured with the key, it can only be read again by someone possessing the same key. The key can be something known or even a physical object, such as the staff of a specific length and width mentioned above. For Skype your key is your Skype Name and password, hence the criticality of keeping that safe.

Skype uses well-known standards-based encryption algorithms to protect Skype users' communications from falling into the hands of hackers and criminals. In so doing, Skype helps ensure users' privacy as well as the integrity of the data being sent from one user to another.

Independent security review

This review of Skype's encryption provides a detailed examination of the security framework that is incorporated into Skype products. Skype provides its users with protections against a wide range of possible attacks, such as impersonation, eavesdropping, man-in-the-middle attacks and the modification of data while in transit.

The report describes the general protective mechanisms that are in use throughout Skype’s infrastructure as well as the general security policy that defines the basis for all designs within Skype’s operational framework.

Security review