Achtung, GMailers!

If you have a Google GMail account (and why the heck wouldn’t you?), take Unky DAve’s advice and do this right now, quick-snap:

1. Log in to your GMail account.
2. Click “Settings” at the top.
3. Scroll down to the last option, select “Always use https”, and save your changes.

The primary reason is security. Using https instead of http ensures the site is encrypted. Now, I realize it’s weird that Google would give users the option of either a secure or unsecure connection, but the reason is cost. Secure connections with the GMail servers require all data to be encrypted during transmission and ultimately this costs Google more per e-mail. On your end you’ll notice nary a difference.

Apparently some hackers have forced the issue to bring this to light:

As reported by Hacking Truths, a tool has been presented at DEFCON that makes stealing session IDs from Gmail a relatively easy affair. And once someone has your session ID, he/she can log in to your Gmail account without authentication.

In practice, this means that not having the “always use https” option checked, especially if you’re accessing Gmail through a wireless hotspot, or any other unsecure network, has become a hazard, and is not recommended. Google has been fairly silent about this, letting users decide what they want to do, but I’ve switched to SSL and I recommend you do, too, especially if you use Gmail for business purposes.

- via Mashable!