I have been wanting to write about this for a while. When you send an email without the encrypted settings set in Gmail, your email messages can be read in plain text during transit. If you use web-based email it is better from a security or privacy perspective to use HTTPS (if it is available). This point can be can be argued both ways, but the basis of Defense in Depth is that your use a layered approach and avoid a single point of failure.
Updated 29 April 2009
If you sign in to Gmail via a non-secure Internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking. Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain like bank statements or online log-in credentials. We recommend selecting the 'Always use https' option in Gmail any time your network may be non-secure. HTTPS, or Hypertext Transfer Protocol Secure, is a secure protocol that provides authenticated and encrypted communication.
-To enable this feature in Gmail:
Sign in to Gmail.
Click Settings at the top of any Gmail page.
Set 'Browser Connection' to 'Always use https.'
Click Save Changes.
Reload Gmail.
More here
Please read the warnings and incompatibilities from the Gmail support page. Number three of the steps above is under the General tab and located at the bottom of the page.
Thanks for the HTTPS tip on GMail, I did not know of this. :)
ReplyDelete