When logging in to webmail you’re sending your credentials in plain text over the internet to your email provider. Think about the steps it requires your information to get there.
- First of all your data will go to your router. Either over the air (free for anybody to scan) or over a cable to your local router(s) and modem (which might be controlled by others then by you).
- Then your information will pass through your internet access provider.
- From your provider the data might cross an ocean or two to get in the neighborhood of your email provider.
- Finally your credentials will reach the webmail provider.
This same route (and back) will be taken by the content of your emails. Do you trust everybody on this route? Are you sure that nobody is sniffing the wifi packets from your wireless network? For me the answer on both questions is no.
One way to improve the security and your privacy is by
- Sending the information encrypted instead of in plain text
- This can be arranged by visiting websites through HTTPS which is actually HTTP over a secure SSL connection.
- Making sure the site you visit is really your webmail provider
- This can be arranged by visiting websites through HTTPS which asks the visited website for a certificate to prove who they are
HTTPS on major webmail providers
So, which major webmail providers can be visited on a HTTPS page? And if so, how?
- Gmail by Google
- Gmail uses https by default. Just access http://mail.google.com and Google will redirect you to https://mail.google.com
- The secure connection is also used while reading and sending emails
- Yahoo! Mail
- Yahoo! uses https by default to login. Surf to http://mail.yahoo.com and Yahoo! will redirect you to https://login.yahoo.com/config/login_verify2?&.src=ym
- After logging in however, Yahoo Mail loses the secure connection. You’ll lose the secure connection and you’ll not be able to use https for reading or writing emails.
- Windows Live Mail / Hotmail
- Microsoft uses https for logging in. Go to http://mail.live.com and Microsoft will redirect you to https://login.live.com/
- After logging in the secure connection is dropped. You’ll be redirected to an ordinary http site. It is possible however to configure Live mail in such a way that all your email reading and writing takes place over a secure connection.
- Go to “options” –> “More options…”
- Under “Customizing Hotmail”, select “advanced privacy settings”
- Under “Using HTTPS for extra security”, click “Go to HTTPS settings”
- Microsoft then gives some warnings on what can happen if you
- select “Use HTTPS automatically (please see the note above)”
- press “Save”