How to Make Gmail Default to SSL Mode

07/30/2009

Gmail does not operate in SSL mode (Secure Sockets Layer encryption) by default, but you can easily configure it to do so in order to be more secure. Here is how:

    1. If you are not already logged in to Gmail, log in to your account.
    2. Click the settings link in the upper right hand corner of the page.
    3. On the Settings page, click on the General tab.
    4. Select Always Use HTTPS
    5. Click Save Changes

If you log out and then log back in, you should be in SSL mode. Check by looking at the URL at the top of the browser window; it should begin with https: instead of http:

SSL Mode On

Your email messages and other services such as Gtalk will now be more secure and more resistant to hackers.

For Gmail for Mobile users: if you are using an older version of the Gmail app on your mobile device, enabling the ‘Always use https’ setting can cause error messages like “unexpected error”, or the app may crash altogether. The https setting is only compatible with Gmail Mobile from version 2.0.6 and on. If you have version 1.5 or 2.0 there are workarounds.

Sidejacking Caution

Although this should secure your Gmail in most cases, be aware that it is still possible for a dedicated hacker to “sidejack” you if you are connecting via a WiFi network.

Google’s JavaScript code will revert to nonencrypted mode if SSL fails. So if you try to log in to Gmail and fail while connected to a non-encrypted WiFi hotspot, a session-ID cookie is still sent to the router; it could be captured by anyone in the vicinity who has the right software tools. (Admittedly an unlikely chain of circumstances, but not impossible, and good to know about.) This particular problem affects not only Gmail but also many other Web 2.0 sites, like MySpace and Facebook, that use cookies the same way.
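To make the fallback risk concrete, here is an added example (not code from Gmail or from the original post) that models which cookies a browser attaches to a plain http: request. It assumes the standard Secure cookie attribute, which the post does not mention; the host name and cookie values are constructed samples.

```javascript
// Added illustration. Host, cookie names and values are constructed samples.

// Parse one Set-Cookie header value into a small record.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? pair : pair.slice(0, eq),
    value: eq < 0 ? "" : pair.slice(eq + 1),
    secure: false,
    domain: null, // null means host-only: sent only to the host that set it
    path: "/",
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.trim().toLowerCase();
    if (key === "secure") cookie.secure = true;
    else if (key === "domain") cookie.domain = v.trim().replace(/^\./, "").toLowerCase();
    else if (key === "path") cookie.path = v.trim() || "/";
  }
  return cookie;
}

// Simplified model of the browser's decision to attach a cookie to a request.
// (Path matching is reduced to a prefix check for brevity.)
function isSentTo(cookie, url, originHost) {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  const hostOk = cookie.domain
    ? host === cookie.domain || host.endsWith("." + cookie.domain)
    : host === originHost.toLowerCase();
  const pathOk = u.pathname.startsWith(cookie.path);
  // A cookie marked Secure is withheld from any request that is not https:
  const schemeOk = !cookie.secure || u.protocol === "https:";
  return hostOk && pathOk && schemeOk;
}

// Names of cookies that would cross the network unencrypted after a fallback to http:
function cleartextExposed(setCookieHeaders, originHost) {
  const httpUrl = `http://${originHost}/`;
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => isSentTo(c, httpUrl, originHost))
    .map((c) => c.name);
}

const sample = [
  "SESSIONID=abc123; Path=/; HttpOnly",
  "SID_SECURE=def456; Path=/; Secure; HttpOnly",
  "prefs=lang-en; Domain=.mail.example.test; Path=/",
];
console.log(cleartextExposed(sample, "mail.example.test"));
```

Only the cookie carrying the Secure attribute stays off the unencrypted request; the other two would be visible to anyone capturing traffic on an open hotspot.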
