In late January 2021, Hitachi, a major general electronics manufacturer,Established policy to ban PPAPAfter it was reported thatI see many reports and articles about PPAPIt's been a long time, isn't it?
In this article,What is PPAP in the first place?"or"Reasons why PPAP is considered NG” will be explained.
What is PPAP in the first place?
What is PPAP?P.I will send you a zip file with assword" "P.I will send you an assword."A.encryption (encryption)P.It is a word that takes the initials of each protocol.
in short,Attach the ZIP file with the password and send it by e-mail, and then send only the password by e-mail separately.pointing to
This is one of the security measures, and has been widely used in Japan since the time when files were exchanged by e-mail.
Specifically, you can proceed as follows.
Specific steps for PPAP
- the sender sent the fileEncrypt a ZIP file with a password, attach it to an email, and send it.do
- Sender attached with 1Email the password for the ZIP file separatelydo
- Recipient decrypts ZIP file 1 received from sender with password 2
The reason why it is called PPAP is actually derived from Pikotaro's PPAP.
Mr. Akira Otaishi, an IT consultant who is currently the representative of PPAP Research Institute, was the one who proposed calling this PPAP. It is derived from PPAP (Pen Pineapple Apple Pen) announced by Piko Taro in 2016.
In 2016, Otaiji got a hint from someone who said that Pikotaro's PPAP sounded "protocol-like," and named the "security gesture" of password-protected ZIP mail PPAP (information Processed July 2020 issue reprint "<Small Special> Goodbye, Meaningless Encrypted ZIP Attached Mail").
Quote:Pico Taro? Password-protected ZIP mail, why is it called "PPAP"?
Why PPAP is bad Two reasons why PPAP is considered NG
then whyPPAP is prohibited by companies or its use is NGIs it?
I've narrowed it down to two main reasons, so let me introduce them.
Two reasons why PPAP is considered NG
- Weak security effect
- Wasteful and time consuming
Reason 1: Weak security effect
As a first reason,Although PPAP is used as a security measure method, its security effect is weak.It is.
The specific reasons are as follows.
Reasons why PPAP's security effect is weak
- ZIP file with passwordTools exist to analyze passwordsdo
- By zipping the attached file, the file will beIt is easy to bypass the check for virus infectionBecome
- Through ZIP files with passwords such as Emotet,When it becomes a hotbed of malware that spreads infectionthere is
Reason 2: Wasteful and time consuming
next,PPAP is wasteful and time-consumingis the second reason.
In spite of the time and effort required, the security effect is low as mentioned above, and there are the following time and effort and risks.
Wasteful, time-consuming and risky
- Sending passwords in separate emails is time consuming and wasteful
- In order to view password-protected ZIP files on mobile devices such as smartphones,Special app may be required
- in the emailRisk of erroneous transmissionthere is
Why PPAP is NG? summary
I hope you now understand why PPAP has been banned by major companies and why its use has come to be criticized.
PPAP has not had much public discussion about its security effectiveness so far.As a long-standing custom, many companies have made internal rulesI think.
This time, it was triggered by the fact that it was a big topic,It would be good if we could proceed with discussions on appropriate information exchange and security measures.is not it.
English 
Japanese 
Vietnamese 
Thai