Google recently added a setting to its Gmail service that allows users to always keep their sessions encrypted. It’s a really good idea to turn this one on if you want to keep hackers out of your account.
But I already login with https…
That’s true… the Gmail service handles your login in an encrypted fashion, but… unless you’re very specific about opening the site using https:// (or SSL), the service will authenticate your login and then switch you back to an http:// (non-encrypted) session. So… your password remains secure, but your session does not.
A tool is about to be unleashed to hackers that will allow them to get busy breaking into Gmail accounts. You’re particularly vulnerable if you access Gmail from a wifi hotspot or any public computer… which is one of the reasons we all have Gmail accounts, isn’t it?
Here’s how to make the change
Our “don’t be evil” friends have been kind enough to be very quiet about the new settings option, and then bury it so it’s hard to find. Here’s where to make the change:
- Login to your Gmail account. Here’s a hint: use this secure login link.
- Click on “Settings” (on the top, near the right)
- On the “General” tab, scroll all the way down. I’m including a picture below for you, but click “Always use https” and then save your changes. Your settings will be remembered no matter what computer you login from.
Now you should be in good shape. Hey… when was the last time you changed this password? (You do change passwords regularly, right?)
By the way, if you’re interested, you can find the technical explanation here. (And you thought mine was technical!)