Secure webmail using HTTPS

When logging in to webmail you’re sending your credentials in plain text over the internet to your email provider. Think about the steps it requires your information to get there.

  1. First of all your data will go to your router. Either over the air (free for anybody to scan) or over a cable to your local router(s) and modem (which might be controlled by others then by you).
  2. Then your information will pass through your internet access provider.
  3. From your provider the data might cross an ocean or two to get in the neighborhood of your email provider.
  4. Finally your credentials will reach the webmail provider.

This same route (and back) will be taken by the content of your emails. Do you trust everybody on this route? Are you sure that nobody is sniffing the wifi packets from your wireless network? For me the answer on both questions is no.

One way to improve the security and your privacy is by

  1. Sending the information encrypted instead of in plain text
    1. This can be arranged by visiting websites through HTTPS which is actually HTTP over a secure SSL connection.
  2. Making sure the site you visit is really your webmail provider
    1. This can be arranged by visiting websites through HTTPS which asks the visited website for a certificate to prove who they are

HTTPS on major webmail providers

So, which major webmail providers can be visited on a HTTPS page? And if so, how?

  • Gmail by Google
  • Yahoo! Mail
  • Windows Live Mail / Hotmail
    • Microsoft uses https for logging in. Go to http://mail.live.com and Microsoft will redirect you to https://login.live.com/
    • After logging in the secure connection is dropped. You’ll be redirected to an ordinary http site. It is possible however to configure Live mail in such a way that all your email reading and writing takes place over a secure connection.
      1. Go to “options” –> “More options…”
      2. Under “Customizing Hotmail”, select “advanced privacy settings”
      3. Under “Using HTTPS for extra security”, click “Go to HTTPS settings”
      4. Microsoft then gives some warnings on what can happen if you
        1. select “Use HTTPS automatically (please see the note above)”
        2. press “Save”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.