• Categories

  • Archives

    « Home

    Washington Post: Yahoo to make SSL encryption the default for Webmail users. Finally.

    The Washington Post reports on a move by Yahoo to improve the privacy and security of its Web-based e-mail service: “Beginning Jan. 8, Yahoo will enable encryption by default for users logging into its Web-based mail service.”

    Yahoo began offering users the option to use the SSL encryption standard earlier this year. The option “encrypts your mail as it moves between your browser and Yahoo’s servers,” according to the company.

    In January, the option will be switched on for all Yahoo users.

    Yahoo has lagged behind its major competitors in offering encryption for its Webmail service. Google offered SSL as an option for Webmail in July 2008 and made it the default for Gmail Web users in early 2010. It became an option for Microsoft’s free Webmail service Hotmail in November of 2010 and became the default for Webmail logins during the switch to in July of 2012. Social networking site Facebook started offering SSL as an option in November 2011 and made it the default for U.S. users in February of this year and for the world this past July. […]

    These moves to encryption for free Webmail services constitute a major privacy gain for users, but there are other circumstances where data associated with e-mail could be less secure. For instance, the e-mail apps on some mobile devices may not support the SSL encryption standard, exposing users on those devices to possible snooping by third parties.

    In addition, while Yahoo is finally implementing SSL by default, Google and Facebook are already moving on to higher levels of security, with longer key lengths and ‘perfect forward secrecy‘ in order to keep the prying eyes away.

    Leave a Reply