Significantly Improve Security While Using Your GMail Account
Aug 26th, 2008 by MrGroove
Google recently made a change on GMail which allows users to enable SSL encryption (also known as https) for the entire site / application where previously SSL was only used on the login page <insert applause sound here>.
Being that I’ve been using GMAIL recently for more than just transitory throw away email (I know… I know…) I’m very happy Google decided to further protect it’s customers by adding SSL to the entire site!
Let’s Quickly get to the How-To Enable SSL for All Pages inside GMail:
1) Login to GMail and Click Settings
2) Scroll to the bottom and Click the Bullet Always use https and Click Save Settings
3) Refresh your Browser (usually just by pressing F5) and TADAA!!! HTTPS is enabled for all GMAIL Pages!
Some of you might be asking “What’s the big deal? Why the excitement? Sure, encryption in transit is a good thing but, the likelihood that someone is sniffing / capturing my traffic between my browser and the GMail server is probably between 1-5% at best (and 50%-75% if you have a bored IT guy at work…)”. And ya know what, if that’s what worried me, I’d agree; don’t waste the time. BUT, that’s not the scenario I’m concerned about.
You see, one of the great things about GMail (or any online service for that matter) is its ability to be accessed from any computer, anywhere in the world including:
- Work
- Home
- Mobile Device (iPhone etc..)
- Friend / Relative / Girl Friends
- Kiosk Terminals (see where I’m going with this?)
And that’s actually where the danger lies. You see, almost all Website pages you access (including your GMail, Hotmail and Yahoo Mail accounts) are cached by your Web browser and stored on the computers (or Kiosks)local hard drive. The only exception to this rule of course is SSL protected pages!!! You see, the default behavior for almost all Internet Browsers (out of the box) is to NOT cache SSL pages (aka https pages). That’s why I’m making such a big deal about Google enabling SSL protection for ALL pages on GMail.
Example – A few years back when I worked for a corporation as a computer forensics specialist, some of the most useful data I would gather would be from the users Cached Internet Folders. It’s amazing what you ALWAYS find in there. Included in the findings was ALWAYS the users emails from their Hotmail or Yahoo Mail accounts. I know… eek!
So, do you get it? Go now and enable SSL ASAP if your a GMAIL user. Trust me, the last thing you want is your personal email sitting on an airport terminal kiosk left for anyone to read and exploit!
As of 8/26/08 (Bad news for Yahoo and Hotmail Users)
- GMail.com - SSL / https encryption supported for all pages including Login and Email Reading/Authoring
- mail.Yahoo.com – SSL / https forced during login however SSL is not supported for any other page
- Hotmail.com / mail.Live.com – SSL / https is not supported for ANY pages (not even login….)
Questions? Comments? Would love to hear from you!
Tags: security, encryption, ssl, hotmail, gmail, yahoo-mail, privacy
Thanks! I just updated my gmail account. I just love the site. Your articles are not just howto articles but they also contain a lot of great info! I learn something interesting with every article.
I wish you wrote a new article every day
Thanks Liz. I appreciate all the positive feedback for the site. My goal is to have to release a quality post every day (I have no shortage of things to write about, I have about 30 Articles/Tutorials all 50% written!!!) but the day just slips by so quickly and my day job is getting busier and busier!
Again, I appreciate the kind words and I’ll try to shore-up the time between articles!
-MrGroove
good read. no idea why all the sites don’t enable ssl
Thanks groovydude I definitely just learned something.
@talis99 - I agree! Why doesn’t google just set this on by default!!?! I’d just still leave the option to turn it off for those home user performance nerds.