Tuesday, January 12, 2010

Gmail turns on HTTPS for all

I previously mentioned that if you visit Gmail via HTTPS at https://mail.google.com, your Gmail session will be secure, meaning that nobody will be able to see your information as it flows from Google to your computer. While this is great, it's easy to forget to type https:// when you visit Gmail.

So last year, we announced the ability to force Gmail to always use HTTPS, meaning that no matter how you enter into Gmail, your session will be secure. However, users had to manually turn this on, so most people didn't take advantage of this.

That's why I'm happy to report that we've now enabled HTTPS by default on all Gmail accounts. Users don't need to do anything different - but now, their access to email and chat will be fully protected by HTTPS.

This is a great step forward, and I'm glad to see Google leading the way here - from my quick tests, HTTPS is not yet supported on Yahoo Mail, Hotmail, or AOL Mail.