Gmail, More Secure – is a Must!

On Tuesday, Google has stated that it is planning to test a viability of a version of Gmail service to see if it confers more security to the site. The plan is to change the back-end servers in order for the users to automatically access the encrypted HTTPS (Hypertext Transfer Protocol Secure) connection while using the Gmail service. The point is that this HTTPS is in use while logging in to Gmail, but the problem is that after that the Web pages are delivered without the encryption. This may lead to hackers’ access to a network and take over a Google account using the so-called “session hijacking” technique. Through this they have also access to read e-mails that are of a private nature.

Cristopher Soghoian, one of 38 security and privacy experts who prompted Google to make the changes, declared that the identity of a person lies in the inbox that can be one click away from the hackers. The experts had stated that an adoption of a HTTPS is mandatory not only because it encrypts e-mails, but also provides a way to authenticate the servers, ensuring the users that they actually address to Google and not “some phishing site”.

Gmail users have access to their messages via the already established HTTPS, but to do this they click the “browser connection” set at the bottom of the page; the test that Google plans to take sends the HTTPS under a ‘default’ status, thus activating a security that will cover part or all of the Web page. This ‘default’ feature wasn’t previously adopted by Google, because, as they said, it would have made the Web site too slow.

Regarding the security must, Soghoian has come up with the idea that Google should adopt the SSL (Secure Sockets Layer) and Alma Whitten, Google’s Software Engineer, answered that they would move small samples of different types of Gmail users to HTTPS to see whether it affected the performance of their e-mail, to check if it loaded fast enough, if it was responsive enough. In case the test works out positive, then Google will apply on HTTPS by default more broadly, “hopefully for all Gmail user”, as Whitten stated.

Google didn’t mention when the testing would begin, but they know that they are more ahead of rivals Yahoo and Microsoft, that do not offer a HTTPS connection to their users, as Jeremiah Grossman – chief technology officer with White Hat Secuirty, declared. Since encrypted message contain more information, using HTTPS default may slow down Web surfing and this can be a reason that can turn the performance of the site into an undesired one. If this will cause users to drop the service, than they will face a major problem, Grossman added.

As Whitten wrote, the free, always-on HTTPS is quite unaccustomed in the e-mail business, especially for those using a free e-mail service, but at the same time they take it as being another way to make Web service safer and more useful; a feature that all major webmail service should provide. But till then, Gmail, more secure – is a must!