Gmail Switches to Default Https Encryption Following Attack
As news of Google’s China situation dominates headlines, the company has also announced that it is turning on https access for Gmail as the default (Gmail accounts were hacked in China, in case you haven’t read about that yet).
Https, which stands for Hypertext Transfer Protocol Secure is used to provide encryption and secure ID. Back in 2008 Google started giving users the option to use it.
"We initially left the choice of using it up to you because there’s a downside: https can make your mail slower since encrypted data doesn’t travel across the web as quickly as unencrypted data," says Gmail Engineering Director Sam Schillace. "Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do."
Interesting timing on that decision.
The company is currently rolling out https for all Gmail users, and if you have set your own https preference in Gmail’s settings, nothing will change. Users do still have the option to turn it off. It will just be on by default.
"Gmail will still always encrypt the login page to protect your password," says Schillace. "Google Apps users whose admins have not already defaulted their entire domains to https will have the same option."
Google notes that offline Gmail users using http may experience some hiccups. If this includes you, you may want to read up on this.