Force Gmail to Use Secure Connection Via SSL


With the recent announcement of SF Reverse Engineer, Mike Perry, intending to release his Gmail Account Hacking Tool to the public, there is no better time than now to secure you Gmail connection by using the Google’s provide SSL.

To do so, do the following:

  1. Click on SETTINGS (top-right of the Gmail page). It will look something like this:

  2. Scroll all the way down, or try to find “Browser connection”
  3. Select “Always use https”, and the “Save changes”

You might have to refresh/reload your Gmail page. To verify, you may look at your Address Bar and it should similar to the following:

You will also notice that the browser window’s SSL connection icon has been enabled/locked. In FireFox, its on the bottom-right of the Status Bar.

Do note that if you are also using Gmail via Google Apps for work, or what have you, forcing SSL connection is currently not available. But alas, Google does have it on their to-do list last month. Hopefully, they can see the urgency and add it on sometime soon due to Mike Perry’s announcement.

But for now, you can just manually change the URL from having “http” to “https“. Or, if you are using FireFox (which you should), you might grab this Greasemonkey plugin called GMailSecure. You will just need to add your Google Apps’ Gmail URL to its “Included Page” list under GMailSecure’s options. For example,

http://mail.google.com/a/company-domain.com/*

Further reading about this subject can be done via Webmonkey’s article, Why You Should Turn Gmail’s SSL Feature On Now.

I hope that helps.