https://mail.google.com/
Use the "https://" (SSL) secure and encrypted protocol, instead of plain "http://" every time when you connect to your web mail on a public network. This also applies to any account where you have to log in with a user name and a password.
Web mail accounts include:
- Yahoo!
- MSN
- Your ISP's web mail pages.
- The airport (best to avoid at all costs -- prime snooping grounds for the black hats).
- Your hotel.
- Your favorite cafe, donut or sandwich shop that offers Wi-Fi access.
- The library.
- Your neighbor's unsecured or WEP secured network that you hacked into (if you can do it, so can someone else!)
- And so on...
The Solution for Safe Surfing
To keep your accounts safe when using public networks, select either option:
- Don't log into your accounts using a public network. Best yet, don't even fire up your laptop unless you are sure you are safe. (Yeah, right!)
- Or, in the real world, always use a secure protocol to log in to any Internet accessible account. This means 100% of the time.
- Web: SSL ("https://")
- Email: encrypted IMAP or POP
- Shell: SSH
- FTP: SFTP
So, you need to protect your log-in transaction, and encrypt (or scramble) the authentication cookie Google gives you after you log in.
SSL to the Rescue
Using a SSL connection protects all the traffic between your browser and the secure server. For example, to log into Google Mail, a web URL, using SSL, go here:
https://mail.google.com/
This way, all communication between your web browser and Google is encrypted using the excellent SSL encryption protocol. That's right, all you have to do is type in that "s" right between "http" and "://" -- how easy is that? It works with any web site that supports SSL. If your favorite web mail doesn't support SSL connections, it's time to find a new web mail solution.
When you connect using https, notice how your browser's address bar turns bright yellow, or that little lock icon appears in the lower right corner -- whatever your browser does, you should see a clear indication that you are using a secure SSL connection ... and also see when the web site you are visiting drops you back into regular "http" unencrypted traffic.
SSL won't protect your FTP transfers, or your Outlook or Thunderbird log-ins, either, but it does a great job protecting everything your browser sends and receives. Always use SSL when you need to log on to a public network.
Or just wait until you can plug in to log in. Most wired networks, even "open" wired networks at a hotel, for example, are much more secure than an equivalent Wi-Fi (wireless network). If you aren't sure if your wired network is secure, you can use HTTPS on that, too.
Surf safe,
Neil
