GMail adds "https:"-only connections but still not by default

GMail adds "https:"-only connections but still not by default

Summary: Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default.In the Settings tab, at the very bottom, GMail users can now select an "Always use https" option for stronger security, especially when connecting via Wi-Fi.

SHARE:

Google has added a new "Browser Connection" feature to GMail to allow users to force e-mail sessions to always use the more secure "https:" protocol but, strangely, this is not turned on by default.

In the Settings tab, at the very bottom, GMail users can now select an "Always use https" option for stronger security, especially when connecting via Wi-Fi.

-only connections

This should help reduce exposure to things like sidejacking and cookie theft attacks.

Google explains:

If you sign in to GMail via a non-secure Internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain like bank statements or online log-in credentials. We recommend selecting the 'Always use https' option in Gmail any time your network may be non-secure. HTTPS, or Hypertext Transfer Protocol Secure, is a secure protocol that provides authenticated and encrypted communication.

But, beware, there may be errors if you enable this setting in the GMail for Mobile application.

Excellent move by Google but I wish they would go the extra step turn it on by default for all GMail connections.

* Hat tip: Mike Gunderloy at WebWorkerDaily.

Topics: Cloud, Browser, Collaboration, Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • Google obviously - and rightly so - regards this matter as important,

    as can be seen from the fact that even we in Sweden are now allowed to choose the [b]Gmail[/b] option to ?Always use https? - I checked immediately after reading Ryan's article. By way of comparison, it can be noted that we are still not able to use [b]Google Docs[/b] offline, nor does the link to the [b]Google[/b] privacy policy yet appear on the [b]google.se[/b] home page....

    (Agree with Ryan that this feature should be enabled by default....)

    Henri
    mhenriday
    • Try a manual switch first

      Try manually switching your logged-in Gmail connection to HTTPS: and then look in settings. I had to do that to find it the first time.

      _ryan
      Ryan Naraine
  • RE: GMail adds

    Google is just now getting this feature? They really are behind the times. If their employees didn't sit around playing with office toys all day they could have had this feature out years ago. Just more slacking from Google.
    Loverock Davidson
    • Still waiting for Hotmail to do it...

      Hotmail has existed for much longer and yet there's no hope of seeing them do this kind of thing.
      luch3
  • Its simple.... processing power

    It takes more processing power to run https, so why make it default. Let users who know better set it before you waste cpu processing on people who dont care.

    I understand the feeling that everyone should use https, but for a free service, they have to cut costs somewhere.
    Been_Done_Before
  • RE: GMail adds

    Still waiting for it in Google's partnered accounts.
    laakso1
  • Is YHOO still even in the game???

    If the clowns led by Jerry wanna show the world they have *any* clue...and are *any* better w/out M$, they will make sure to beat Hotmail on this, and do it fully before GMail. That might be a start to showing they are still a premier internet company!!!

    YHOO, please go full SSL on Mail!!!
    Techboy_z
  • RE: GMail adds

    Probably the reason they are not using it as default like live mail is that its too expensive when it comes to processing overhead. People who knows a little about security will definitely go for https while less computer savvy people like my father won't see the difference until the site points out and give him a "clear" option.
    cyberdron