Gmail Security – Always Use HTTPS

Those of you who currently Login to Gmail may have noticed a new notice in red at the top of your email screen More Google Mail Security.

This message tells us that Google Mail, or Gmail, is now offering HTTPS by default. HTTPS stands for Hypertext Transfer Protocol Secure. It provides authenticated and encrypted communication. HTTPS is the same protocol used by banks to keep your online accounts safe. In simple terms this means your data is coded at your web browser end and uncoded at Google’s mail servers. Your data is therefore secure as it travels between your web browser and the Google Mail servers.

(For a more technical explanation see Wikipedia.org)

In general, online data is vulnerable to hacking. HTTPS encrypts your data so if you are using public Wi-Fi or any non-encrypted network, your privacy and security are still safeguarded.

Non-secure networks make it easier for someone to access your bank statements or log-in details. This can lead to identity theft and someone gaining access to your Gmail account can access a lot more than you want to share!

Google has been ahead of the other mainstream webmail providers in that it allowed encrypted access to Gmail. A configuration change was required but it was available. Hotmail and Yahoo! do not have this option, nor does Facebook. And now Gmail offers it as a default. Great news for our email security.

The default option Gmail Sign Up has introduced is “always use HTTPS”. This extra of security can slow down your Gmail so if you are using a secure network you can choose to disable this option. If you disable HTTPS, Gmail will still automatically encrypt the login page to protect your password.

Unless your Gmail really slows down it is probably a good idea to leave the new default in place. Otherwise make a note to turn it on again when you work from a Wi-Fi cafe or public space.

It is very simple to turn on and off this function. Just go to Settings > General >Browser connection and choose Always use https or Don’t always use https.

Felipe Rojas