Google tightens Gmail security

HTTPS always on

By Nick Farrell

Thu Jan 14 2010, 11:05

KEEN TO PROVE how secure its Gmail web-based email service is after Chinese hackers broke into its services, Google has tightened up Gmail encryption.

Since 2008 users of Google mail have had the option of using the HTTPS protocol, which encrypts mail as it travels between the web browser and Google's servers.

Writing in its blog, Google said that using HTTPS helps protect data from being snooped by third parties, such as in public WiFi hotspots.

Initially Google decided to leave the choice of using HTTPS all the time instead of just during user signon to its users because the more secure protocol did slow down traffic.

After researching the matter, Google now thinks that the benefits outweigh the drawbacks and has turned on HTTPS on for everyone all the time.

It is rolling out default HTTPS for everyone. If you've previously set your own preference in Gmail Settings to HTTPS, nothing will change for your account. If punters trust the security of their networks and don't want default HTTPS turned on for performance reasons, they can turn it off from the Gmail Settings menu.

Still, we wonder if Google would have done this if it had not been for those pesky Chinese. µ

Motorola Defy+ review A forgettable Android handset, best suited for first time users Wednesday, 7 December 2011, 13:37 PM Read more	Samsung Galaxy Nexus review Android 4.0 is the stand out feature on a decent smartphone Thursday, 24 November 2011, 17:58 PM Read more
Diginotar hackers targeted CIA, Mossad and MI6 Dutch government identifies over 500 rogue certificates Monday, 5 September 2011, 12:43 PM Read more	Google adds inbox styles management to Gmail Choose your own style Friday, 8 July 2011, 15:40 PM Read more
Samsung Chromebook hits the UK to mixed reviews A dumb netbook running a Google OS Friday, 24 June 2011, 15:00 PM Read more	Motorola Atrix review Is it a phone? Is it a laptop? No, it's a Motorola Atrix Tuesday, 24 May 2011, 08:31 AM Read more

< Previous article| Next article >

Comments

Well, it's always on, sort of

If you use the gmail notifier, it will dump you into a standard http session, not a https session.

posted by : Average Joe, 15 January 2010 Complain about this comment

HTTPS corporate gateway checking

@charles
well speed is first reason-google always carefully assembled their websites to achieve fast loading times for to avoid world wide wait

other reason is control over what employees are sending out&receiving. I have been working on MS ISA webmonitor plug-in for 9 years and you would be surprised how many companies sees https as bypass through their gateway security. Gateway products resisted to infiltrate into https and therefore break one of the purpose of https -to protect against man in the middle
attacks. However perception changed and these days gateway products do break https and certificate of website received by browser might not be what web server sent.

btw chat part of https gmail page is in plain http form which is not as secure solution as it should be.

posted by : SpaceQ, 15 January 2010 Complain about this comment

Duh!

I've had this option enabled since it was first made available. Why anyone would want to access their sensitive e-mails over an unsecure connection is beyond me.

posted by : Charles, 14 January 2010 Complain about this comment

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Solutions Architect - Oxfo

Solutions Architect - Oxfor...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Google tightens Gmail security

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review