Google adds https encryption to its Gmail web mail service

News by SC Staff

Google's Gmail is to add https encryption to all of its web mail users.

Google's Gmail is to add https encryption to all of its web mail users.

Following the general option to use implementation two years ago, Google engineering director Sam Schillace explained that the option will now be default for all users.

He said: “If you've previously set your own https preference from Gmail settings, nothing will change for your account. If you trust the security of your network and don't want default https turned on for performance reasons, you can turn it off at any time by choosing ‘don't always use https' from the settings menu.

“Gmail will still always encrypt the login page to protect your password. Google Apps users whose administrators have not already defaulted their entire domains to https will have the same option.”

He also explained that the choice of using it is up to the user due to the downside of https making mail slower, as encrypted data does not travel across the web as quickly as unencrypted data.

Over the last few months, we've been researching the security/latency trade off and decided that turning https on for everyone was the right thing to do,” said Schillace.

Graham Cluley, senior technology consultant at Sophos, said: “The timing of Google's announcement is interesting though. Could it be sheer coincidence that Google has made this change to the way Gmail works at the very same time that it announced Chinese hackers were breaking into its systems, reportedly in order to access the Gmail accounts of human rights activists.

“At the moment we can only speculate, but regardless of the motivation - I'm pleased that Google has made this change as it makes life harder for the bad guys, who might try to snoop. And anything which makes life harder for the bad guys, is good news for all the rest of us.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews