Enabling Encryption on Gmail

Google has been criticised by a group of security experts for not routinely using encryption in it Gmail web mail product. While Gmail does not use HTTPS by default, it is possible to enable it. The procedure for enabling enable HTTPS is as follows:

1. Log into your Gmail account in the normal way and click on "Settings" at the top of the screen; this will display Gmail's settings.

2. Select the "General" tab (if it is not already selected) and scroll to the bottom of the screen. You are looking the "Browser Connection" options show in the picture below (click on the picture to see a larger version).



3. Select "Always use HTTPS" and then click "Save Changes". Your Gmail account will now use HTTPS for all communications, reducing the possibilities for "man in the middle" type attacks.

Our recommendation is always to use HTTPS although this is particularly important if you are planning on using insecure Internet connections such a public Wi-Fi or Internet cafes.

Google Tackled Over Gmail Security

Google has been tackled by security experts explain why it is not making its Gmail, Google Apps and Calendar services more secure. The 38 signatories to the open letter want Google to start using the secure version of HTTP. In response, Google said it was considering trials with a select group of users.

A key concern of the signatories is that, as more of us used insecure Internet access – such as public wireless networks – there is a risk of sessions being hijacked by criminals who could then impersonate the genuine user.

Google currently only protects the log in process as user’s sign in, as soon as the sign in process has completed encryption is turned off. It is possible to force Gmail, Google Docs and Calendar into using encryption all the time but the option is difficult to find and many users simply retain the default settings. Every web mail provider currently faces the same problem.