A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default “https:” access for its popular Web mail service.
Google had previously added the option for GMail users to “always use https” back in July 2008 but it was turned off by default.
[ SEE: Google Attack Should Be No Surprise ]
Last June, a group of researchers and academics released an open-letter calling on Google protect users’ communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.
Now comes word that this is indeed happening:
We are currently rolling out default https for everyone. If you’ve previously set your own https preference from Gmail Settings, nothing will change for your account. If you trust the security of your network and don’t want default https turned on for performance reasons, you can turn it off at any time by choosing “Don’t always use https” from the Settings menu. Gmail will still always encrypt the login page to protect your password. Google Apps users whose admins have not already defaulted their entire domains to https will have the same option.
This Google page offers additional guidance on keeping your data secure.