So last year, we announced the ability to force Gmail to always use HTTPS, meaning that no matter how you enter into Gmail, your session will be secure. However, users had to manually turn this on, so most people didn't take advantage of this.
That's why I'm happy to report that we've now enabled HTTPS by default on all Gmail accounts. Users don't need to do anything different - but now, their access to email and chat will be fully protected by HTTPS.
This is a great step forward, and I'm glad to see Google leading the way here - from my quick tests, HTTPS is not yet supported on Yahoo Mail, Hotmail, or AOL Mail.
