Google fortifies Gmail security after hack

Gmail users may have noticed that the popular webmail service enables encryption by default, automatically forwarding users to the secure version of the site. However, they've been free to visit the unencrypted version by manually typing http://www.gmail.com in the URL bar. Well, soon this will no longer be possible for Gmail users who also use the Google (NASDAQ: GOOG) Chrome browser. According to a new post on the official Chromium Blog, as of Chromium 13 all connections to Gmail will be over HTTPS, and that "includes the initial navigation even if the user types 'gmail.com' or 'mail.google.com' into the URL bar without an https:// prefix, which defends against sslstrip-type attacks."

In addition, the team took the trouble to explain how "a very small set of CAs have the authority to vouch for Gmail (and the Google Accounts login page)," which presumably reduces the chance that a compromised certificate authority could be used to subvert Gmail users. Given recent attempts to hack hundreds of personal Gmail accounts, including those belonging to senior U.S. government officials, it is indeed heartening to hear of security enhancements even for users of the free service.
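The two browser-side checks described above can be modeled in a few lines. This is an added example, not code from the article or from Chromium: the host names come from the quoted blog post, while the list layout, the function names and the CA names are hypothetical.

```javascript
// Constructed model of the two browser-side checks; not Chromium source.
// Host names are from the article; the CA names and list layout are hypothetical.
const PRELOADED = new Map([
  ["gmail.com", { includeSubdomains: true, allowedCAs: ["ExampleRootA", "ExampleRootB"] }],
  ["mail.google.com", { includeSubdomains: false, allowedCAs: ["ExampleRootA", "ExampleRootB"] }],
]);

// Find the policy for a host: exact match, or a parent that covers subdomains.
function findPolicy(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const policy = PRELOADED.get(labels.slice(i).join("."));
    if (policy && (i === 0 || policy.includeSubdomains)) return policy;
  }
  return null;
}

// Decide the URL of the FIRST request for whatever was typed in the URL bar.
// The upgrade happens before any packet is sent, so there is no plaintext
// request or redirect for a man-in-the-middle to rewrite.
function resolveNavigation(typed) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(typed);
  const url = new URL(hasScheme ? typed : "http://" + typed);
  const upgraded = url.protocol === "http:" && findPolicy(url.hostname) !== null;
  if (upgraded) url.protocol = "https:";
  return { url: url.href, upgraded };
}

// Run after normal chain validation: for listed hosts, at least one CA in the
// validated chain must be on the host's short allow-list.
function chainAllowed(host, chainCAs) {
  const policy = findPolicy(host);
  if (!policy) return true; // unlisted hosts: ordinary validation only
  return chainCAs.some((ca) => policy.allowedCAs.includes(ca));
}

console.log(resolveNavigation("gmail.com"));
console.log(resolveNavigation("http://example.org/a"));
console.log(chainAllowed("mail.google.com", ["ExampleIntermediate", "OtherTrustedRoot"]));
```

A server-side redirect from HTTP to HTTPS cannot give the same guarantee, because the redirect itself travels over the unencrypted first request.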

For more:
- check out this article at CNET News
- check out this article at Chromium Blog
