Securing your Gmail email with https

A lot of people use Google’s free web email service, called Gmail. I have lost count of the friends and colleagues who have ditched their Hotmail and Yahoo accounts for a Gmail address instead – certainly one of its attractions appears to be its powerful search facility.

And it solves arguments too.

For instance, earlier this year my wife and I saw “The Bootleg Beatles” in concert. They were suitably fab, and we decided the other night to book tickets in advance for their 2009 tour too. The thing is, we couldn’t decide which row we should sit in – should we book tickets for the front row, or a few rows back. (We’re booking well enough in advance to have the luxury of choice).

Sign up to our free newsletter.
Security news, advice, and tips.

I argued that we had been in the second row last time, and clearly the front row would be the absolutely optimum place to observe Ringo’s moptop and George’s frenetic fingerwork during “While My Guitar Gently Weeps”. Mrs Cluley, however, said that we hadn’t been in the second row at all last time, that we were much further back.. and there was no way that the front row would be any good as we would crane our necks.

Gmail came to the rescue, as a quick search of the word “Beatles” sprung up my archived ticket confirmation, telling me where our seats had been. On this (rare) occasion, I was for once correct.

So I like Gmail quite a lot. But one of the things which has irked me is its lack of support for https. Sure, it does keep your password encrypted when you log in, but until now it hasn’t defaulted to using encryption when you are actually accessing your email.

The good news is that Google has now added the option to always use https. You can make the change under Settings once you have logged into your Gmail account:

This means that if you log in to your email from an unencrypted airport hotspot, or while you’re having your morning Starbucks, that your email is kept secure and encrypted – making life much harder for the bad guys.

You can learn more about Gmail’s support for https on the Gmail blog. One word of warning – there are still some teething problems with getting some plugins to work properly when Gmail has this https setting. Google says it is working on ironing out those problems.

When was your Gmail last accessed?
Google also recently introduced the ability to examine the access history to your Gmail account – handy if you’re worried that someone unauthorized might be logging in and looking at your personal mail.

Another thought springs to my mind, however.. Was it such a good idea for me to have that old concert ticket confirmation in my archive? Although it solved the argument with Mrs Cluley – if it had been accessed by someone else would that have been useful to them? Would they have been able to steal some identity information or work out when I would be out of the house to plunder the riches of Cluley Towers?

Wouldn’t it be better to treat old email that isn’t needed anymore just like junk mail, and “shred” it by emptying the virtual trash can? Let me know your thoughts about the danger of how web email systems offering humungous amounts of storage might be a treasure trove for any criminals who manage to break in.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.