GMail adds “https:”-only connections but still not by default

Google has added a new “Browser Connection” feature to GMail to allow users to force e-mail sessions to always use the more secure “https:” protocol but, strangely, this is not turned on by default.

In the Settings tab, at the very bottom, GMail users can now select an “Always use https” option for stronger security, especially when connecting via Wi-Fi.

This should help reduce exposure to things like sidejacking and cookie theft attacks.

Google explains:

If you sign in to GMail via a non-secure Internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain like bank statements or online log-in credentials. We recommend selecting the ‘Always use https’ option in Gmail any time your network may be non-secure. HTTPS, or Hypertext Transfer Protocol Secure, is a secure protocol that provides authenticated and encrypted communication.

But, beware, there may be errors if you enable this setting in the GMail for Mobile application.

Excellent move by Google, but I wish they would go the extra step and turn it on by default for all GMail connections.

* Hat tip: Mike Gunderloy at WebWorkerDaily.

[Source: zdnet]