Google Upgrades Security on Gmail

January 14th, 2010 admin

[From Google Upgrades Security on Gmail - Gadgetwise Blog - NYTimes.com]

Google is changing the default for its web mail service, placing security above performance.

In a blog post Tuesday night, Google said it would begin using Hypertext Transfer Protocol Secure, or HTTPS, technology to encrypt all traffic carried on its free Web-based e-mail service. HTTPS is a popular Internet protocol that combines the standard HTTP Web protocol with a layer of encryption based on the SSL/TLS protocol. It is commonly used by online banking services and shopping sites to protect secret customer data from interception by Web eavesdroppers.

Gmail has always used HTTPS to encrypt login pages, and thereby defend passwords, but encryption of e-mail traffic itself has been an option that users had to select. Now, Google will move all users to HTTPS by default, arguing that the security benefits of that outweigh the slight hit to the speed of e-mail delivery that the technology imposes. The performance impediment has been steadily diminishing as an issue because computing power, the speed of individual connections and overall Internet bandwidth have all expanded.

. . .

The move to HTTPS for Gmail was praised by some privacy advocates, who expressed hope that other popular Web-based email services, like Yahoo Mail and Hotmail from Microsoft, would soon follow suit. Making HTTPS use the default for all users is important because few people take the trouble to actively turn on security features, said Jeremiah Grossman, the chief technology officer of WhiteHat Security, a Web security firm. “It’s free security. Whenever that happens, we’ll take it.”

Posted in Operating Systems | No Comments »