Back to Courier Columns Page

EMAIL SECURITY
by Ray Carlson


Q.  Last month you suggested using a public email service like gmail while on a trip.  I have been told that someone can steal my username and password when I connect to such a site. Is that correct?

A: When you sign on to a web-based email account like Gmail, the username and password are sent to the site in normal text.  Once you connect to the service, any information typed in is encrypted so it cannot be read by anyone else, but, on a public computer or public wireless system, it is possible for a thief to set up a program that reads that initial text file.  That program then has your username and password and the thief can access your account.  To avoid this, when you log in, use the address “https://mail.gmail.com”  Adding that “s” after the http encrypts everything that is typed including your username and password.  If you are traveling, you can do this automatically by going to gmail and click on settings in the upper right part of the screen.  Go to the item called “Browser connection” and select “Always use https.”  This makes the process a little slower but adds protection.  You can unclick that item when you are back on a safe network.  In addition, when you are finished always click “Sign out” to cancel your connection to that account.  If you use one of the other webmail accounts, check the help section to see how to use an https address.

Published: Courier 7/19/09 - Page 5C