Finally! Yahoo Mail to turn on SSL by default in 2014

Graham Cluley

YahooYahoo is planning to finally join the 21st century and turn on SSL encryption for its webmail users in January 2014.

According to the Washington Post, the internet company will enable encryption for all its webmail users, and help protect their privacy, from January 8th.

Without SSL/HTTPS, everything your browser sends and receive from Yahoo Mail is sent as unencrypted text – and could be grabbed in transit (known as “sniffing”) by malicious hackers and snoopers when you check your webmail via WiFi in the coffee shop.

GMail, Hotmail,, and others have provided this essential level of security to their users by default for ages – so it’s something of a mystery why it’s taken Yahoo so long. Maybe they were busy spending all their time thinking up new logos, or devising reckless plans to recycle email addresses

EmailSign up to our newsletter
Security news, advice, and tips.

If you can’t wait until January 8th, 2014 – and, in my opinion, you shouldn’t wait – why not turn on SSL/HTTPS on your Yahoo Mail account now? You’ve been able to enable the option since January 2013, if you knew where to find the option in Yahoo Mail’s settings.

Here’s how you do it:

  • Click on the cog in the top right hand corner of your main Yahoo Mail Screen
  • Select “Settings”
  • Choose “Security”
  • Select “Use SSL”.

Select Yahoo SSL setting

Seriously, it will be good to see Yahoo finally enable SSL/HTTPS for all its webmail users. It’s just a crying shame that they have dragged their feet so much about doing it. One wonders how many users had their privacy put at risk by Yahoo’s tardiness?

Update: A Yahoo spokesperson has been in touch with me, offering the following comment:

In addition to making https a default feature by January 2014 for all Yahoo Mail users, we plan to implement 2048-bit encryption keys, which will provide our users with a further layer of security.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

4 comments on “Finally! Yahoo Mail to turn on SSL by default in 2014”

  1. Spryte

    I have to agree. It has taken far too long for Yahoo to make this available.

    "why not turn on SSL/HTTPS on your Yahoo Mail account now?"

    Unfortunately if you use Opera 12 as your main browser (as I do), you cannot get into your account if you turn on SSL/HTTPS you effectively lock yourself out of your main browser for that email account.

  2. That and if it is enabled, yahoo will not leave you logged
    in, even if it is a personal computer at home. This gets highly
    annoying very quickly as any time you check your mail, even in
    another tab, you have to relogin.

  3. Pranav Desai

    In the security option of settings, I clicked on browser connection : always use https. Now I am unable to log in to my e-mail. It shows "invalid server certificate" and there is a red slash over a red https in the address bar.

    This error does not come if I use Mozilla Firefox.

    How to overcome this obstacle? Help is highly appreciated!

  4. Thillai

    I didn't have the option to enable or disable SSL on my yahoo Security settings

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.