Walker News

How To Secure Or Encrypt Gmail By Enforcing HTTPS Connection?

If possible, I would like to have all my web service accounts secured by HTTPS connection. If not all is possible, at least the important web services are secured in this way.

Why HTTPS is important? When you click Login or Sign In button to submit account credential to a web service, a sniffer program (a.k.a. network analyzer) that captures data packets can easily extract the plain text form of login ID and password at no time, if the connection is of HTTP.

By using HTTPS (Hypertext Transfer Protocol Secure, a.k.a. Hypertext Transfer Protocol over Secure Socket Layer), all data packets transmitted between server and client are well encrypted.

In other words, HTTPS make it harder for the bad guys to crack the account credential or to tamper the integrity of data packets.

Now, let us back to Gmail case. If I recall correctly, Gmail didn’t provide HTTPS protocol during authentication. However, users could explicitly enforce HTTPS by visiting this address:
https://mail.google.com

Then onwards, the Google Account authentication session as well as email contents, Google Talk, contacts, etc, are all secured or encrypted by HTTPS protocol.

Precisely, the Gmail session is secured from the time you open Gmail Sign In page with the https-based URL until the browser window is closed.

Nevertheless, thing has changed recently, as I just notice that Google enforces HTTPS during Google Account authentication.

That’s to say, the browser is automatically redirected to HTTPS-based URL when I enter www.gmail.com or mail.google.com in the Address bar. How nice!

However, the HTTPS only protects login credential. After Google Account authentication, the Gmail session falls back to HTTP connection again, i.e. all data packets are transferred in plain text form where the man-in-the-middle or packet analyzer can easily read your emails without much efforts.

To overcome this, you have to manually set the new option that tells Gmail to always use HTTPS connections, as if you’re entering https://mail.google.com manually as I did.

Therefore, go to Settings page (available on the top-right of window), find the Browser Connection: in General tab, select Always use https option and click Save Change button.

Custom Search

2014  •  Privacy Policy