How to Access Gmail More Securely via HTTPS

HTTPS Browser
HTTPS means a secure connection to Gmail from your browser. © Yuri Samoilov; CC BY 2.0 license

HTTPS provides secure, encrypted access to Gmail in your browser.

Secure Gmail via HTTPS Is the Only Option

Note that secure HTTPS connections over TLS/SSL are, as of April 2014, the default and only option for all Gmail users and sessions; you need not do anything special or change any settings, neither in Gmail nor in your browser.

If You Open Gmail in Your Browser, Can Others Read Along?

What do you have in common with the girl at the next table?

You and her are both sipping from delicate cups of Darjeeling tea, invigoratingly red with a hint of green; you share the tea and coffee shop's public Wi-Fi connection; both of you would have been called "web workers" in the early 2000s—and she may be able to read your email with you as you open Gmail in your browser.

Fortunately, you can avoid that latter commonality (and maybe concentrate on others).

What Does HTTPS Access Do?

If you use HTTPS to connect to Gmail in your browser, all data sent from and to Gmail (including your emails) will be encrypted automatically as it is sent back and forth. Without the secret key to deciphering, all that data is incomprehensible to anybody, even if they gain access to it, say through a shared internet connection on public Wi-Fi.

HTTPS access also lets your computer verify the authenticity of the connection to Gmail via a trusted third party. This helps prevent a malicious site pretending to be Gmail to you (and you to Gmail, so they can display your account without you noticing their snooping on log-in information and emails).

You can even have Gmail enforce these secure HTTPS connections so you have no choice but be secure, at least as far as the traffic between you and Gmail is concerned.

Access Gmail More Securely via HTTPS

To encrypt all traffic between your browser and Gmail (so a traffic scanner on, say, your local network or a public WLAN cannot decipher it):

  • Access Gmail using https://mail.google.com/.
    • Note the 's' at the end of "https".
    • Type "https://mail.google.com/" into your browser's address bar manually; then, you can create a bookmark.

Do watch out for people in your back reading along! The emails are not encrypted on your computer's screen, and people might catch you typing your password, too. (Gmail two-step authentication offers some protection from the latter being exploited.)

Force Gmail to Always Use a Secure HTTPS Connection

To make Gmail use an encrypted HTTPS connection always and automatically:

  • Follow the Settings link in Gmail.
  • Go to the General category.
  • Make sure Always use https is selected under Browser connection:.
  • Click Save Changes.

Note that HTTPS connections may be slower than using Gmail unencrypted. Enforcing HTTPS with the setting above could also cause errors on some mobile devices and Gmail mail checkers.

(Updated September 2015)

Was this page helpful?