I was surprised the other day when I read about the types of security connections that you get when you use Gmail.
It seems when you use Gmail, Google uses https for authentication and http for everything else, I assume to save resources.

I guess my surprise was in that Google didn't maintain a secure session once logged in regardless if you entered the site via http or https. Yes, I may be a bit naive in assuming that this would be done by default.

To change this issue, you have to Log In to your mail account, and in Configurations, you have to go to the bottom part of the page, there you can select what type of connection do you want(obiously we are looking for https connection), so select it and then save changes.

I hope this was useful for you, greetings.

I don't think gmail uses non secure connections when you sign in via https.
If check the help about this option you'll see this line:


"Always use https" just means that you can't sign in via the normal (not-secured) http protocol, thus forcing you to use the https protocol.

I agree with wutske on that one. Always use https, is a must for people who access the Internet from Cyber cafes. While, those that have a connection at home, can use the non secure protocol to speed things up. I rarely use https because my 128 Kbps connection is quite slow.

I prefer https, even if it slows things down, I realy don't like that my passwords and other personal stuff are sent out in the clear. Even tough nobody might be interested in it, I still think it's a got habbit to check and use security measurements that are available (I always use https when signing in at hotmail too ).

The Always use HTTPS option only appeared recently:


Before that, authentication (sign in) always used HTTPS, same with Windows Live Hotmail. Of course I prefer using HTTPS, it is more secure and I use it if it is available. I do not notice the speed difference.

I don't use HTTPS for GMail, I have this feature off I guess, I didn't really check it, it's much faster with HTTP for me that's why I prefer it, I try to avoid connecting to anything from other computers, especially at public places like library or university, but sometimes I have to, but as there really aren't anything special, just privacy stuff.. not a paypal or bank account or something, but still if someone would have hacked my gMail account it would be disappointed, I wish my ISP would be much faster when using HTTPS connections

Quatrux,

Have you though of somebody taking over your account and using it while impersonating yourself? If somebody does that, they can contact your friends, perhaps co-workers and do some moral damage. Also remember that gmail stores all your mail, so such a person would also have access to any passwords or logins erbsites often send to their users. More than that, they could find out which sites you're using and reset your passwords on them (correct e-mail address usually being enough), gaining access to more of your private information and disrupting your access to those resources. You're using services that you would not admit using in public? How about somebody sending your last invoice from a sex-toys website to your boss (radical example but still...). All this is quite easy if you're using an unsecured connection in a public place, in fact man-in-the-middle attacks are quite often. Please keep that in mind.

Thanks for the information. I am learning more on this forum about Gmail that I never knew before. I do not believe that I will be answering my email in a public place. However one way to prevent people from getting into your email is to be sure and sign out each and every session. This can prevent a lot of problems.

If there is a problem with gmail like someone getting into it be sure and report it to gmail. There is also a Federal Agency in the USA to report mail fraud. Other countries have similar agencies so it is wise to contact your countries goverment too to let them know what is going on.

I really do not see how the https:// connection would help if you are using a public connection anymore than using http: and signing out. The most important thing is to sign out. Then go to tools in the browser or how ever the particular browser of your ISP of the computer you are using and get rid of the search history and cookies. Never click on the remember my password at a public computer.

Remember to always clean out the browsing history, etc. and cookies after each session. That really is the best protection.

The https connection encrypts all the information you send over this public connection, including your username, password and all the mails you have in your inbox. People that are monitoring the lines (or the signals if it's wifi) won't be able to see your password and all your private information, same goes for virusses that look for transmitted passwords (it however won't protect you if the virus just monitors keyboard input ... ).
It's like using an anti-conceptive, it doesn't protect you in rougly 5% of the cases ... but for the other 95% you are safe, you just have to hope you're in that 95%