In January of 2010, Google made HTTPS encryption a default security setting for Gmail users email session via a webpage. (See Link Below)
This was a positive move, because it greatly reduces the risk of someone eavesdropping on your communications with Gmail. Gmail users privacy was increased significantly, which will cause a reduction in personal information breaches.
Note: Now this enhanced security can be defeated if you are using a computer that has malware that can steal your keystrokes or clicking on unfamiliar links on websites and in email that can hijack your computer and use the HTTPS security to protect their misdeeds.
Google's decision to make HTTPS the default setting was due to criticism from a group of computer scientists, law professors and security experts, who voiced their concerns in an open letter to their CEO Eric Schmitt. The group, claimed that the default unencrypted settings put customer and information at risk unnecessarily. (See Link Below)
An open letter to Google's CEO, Eric Schmidt
What is HTTPS? See Link Below
How to Disable and Enable Gmail's HTTPS security setting
Gmail is set to use the 'Always use https' setting by default, but you can change this setting anytime. Here's some background on why we default to this option: If you sign in to Gmail via a non-secure Internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain like bank statements or online log-in credentials. HTTPS, or Hypertext Transfer Protocol Secure, is a secure protocol that provides authenticated and encrypted communication.
To disable or re-enable this feature in Gmail:
- Sign in to Gmail.
- Click the gear icon in the upper-right corner, and select Mail settings.
- In the General tab, set 'Browser Connection' to 'Always use https' or 'Don't always use https.'
- Click Save Changes.
- Manually change the URL to http://mail.google.com to start accessing Gmail via http.
Please note that selecting 'Always use https' will prevent you from accessing Gmail via HTTP (Hypertext Transfer Protocol). If you trust the security of your network, you can turn this feature off at any time.
If you use a public computer to check your email, it's also important to sign out at the end each of your Gmail sessions. Just click the down-arrow next to your name in the upper right corner, and select Sign out. Also, make sure you close all Gmail browser windows.
Google's decision to make HTTPS a default security setting prompted Twitter and Facebook to follow suit and turn it on be default at well. (See Link Below)
If you use Gmail, Facebook or Twitter, enjoy the enhanced privacy protection.
Enjoy,
Julius Clark, MBA, CISSP, CISA