Not Perfect Is Gmail
**UPDATE GMAIL HAS SINCE INCLUDED AN OPTION IN SETTINGS ENABLING FORCED HTTPS:**
Like most, you might thing Gmail is the best web based email out there, and I would have to agree. Google does things a certain way that just work. Well, for the most part. With the ever-increasing usage of notebook/laptop computers (yes more are sold than desktop systems for consumer use now) the idea of security should be on many minds. Public WiFi can be handy, but its a perfect place for your computer to be compromised. As you enter a public WiFi zone, you are basically joining a local network of few or many.
What I'm getting at is secure internet browsing. If you go to either www.yahoomail.com or www.mail.yahoo.com, you are immediately re-directed to https://mail.yahoo.com. Notice its "https" and not "http".
Https is "Hyper Text Transfer Protocol" with an added dash of "s", or Secure Sockets Layer, a protocol primarily developed for secure and safe Internet connections common in banking or any place where private data is exchanged.
The problem with Gmail is that you are not directed to "https", but rather just "http" which is unsecure. The good news is, you can force the issue by typing it in. If you are in Google and simply hit the gmail link, you will get an unsecure gmail. For that reason my tip is as follows:
Enter a secure page by typing: https//mail.google.com and once in, verify that you are in a https page. Then drag the url to your quick start bar, or desktop for easy access. Luckily, if you have the lastest gmail notifier for Mac you will be directed towards a secure page automatically. Unfortunately, the Windows version does not.
Log Out Before Closing Gmail
The authentication cookies will still be set for the google domain. If you navigate to any other area of Google after logging into secure Gmail, your session information will be spilled for any WiFi sniffer to access. This likely includes sites with adsense.
So, to safely use Gmail:
- Close all other browser tabs and windows before opening your secure Gmail
- Don't click email URLs or navigate to other sites while Gmail is still open
- Sing off before continuing to browse the web
2 comments:
I noticed this a while ago too! I was wondering why https wasn't turned on by default. *shakes head* Great post, I'll be passing it along. Thanks!
Update: Google has since added a setting that allows you to force HTTPS!
Post a Comment