After a terrible year for security, Yahoo Mail finally gets HTTPS by default

HTTPSBreathe a small sigh of relief. Yahoo has finally caught up with competing major webmail providers, and turned on HTTPS by default.

As promised last October, the internet company has enabled encryption for all of its webmail users - meaning that what your browser sends and receives from Yahoo Mail is no longer sent as unencrypted text.

That's really important, as without that encryption your private communications could be "sniffed" out of the air while in transit, when you check your webmail via a public WiFi hotspot.

Yahoo announced the successful switch on of HTTPS/SSL in a blog post:

Yahoo blog post

Anytime you use Yahoo Mail - whether it’s on the web, mobile web, mobile apps, or via IMAP, POP or SMTP- it is 100% encrypted by default and protected with 2,048 bit certificates. This encryption extends to your emails, attachments, contacts, as well as Calendar and Messenger in Mail.

Well, that's good to know. Although, of course, some will continue to be concerned that it took Yahoo so long to enable such an important protection when rivals like GMail and have been doing it for so long.

And although Yahoo says it is now encrypting the communications between your browser and them, many have been alarmed about recent revelations that the NSA has been secretly intercepting the communications of millions of Yahoo users (and indeed Google users), by compromising the main communications links that exist between the company’s worldwide network of data centers.

Marissa Mayer, Yahoo CEO2013 was a pretty bad year for Yahoo in regards to security and privacy, with them making the headlines for all the wrong reasons (for instance, millions of user ids stolen by hackers in Japan, offering vulnerability researchers who found a serious bug a $12.50 t-shirt voucher, its moronic email account recycling scheme, and the revelations that CEO Marissa Mayer doesn't bother to have a passcode on her iPhone).

2014 hasn't had a stellar start for the company either, with the discovery of a major malware campaign spread via Yahoo ads.

But belatedly introducing HTTPS for Yahoo Mail is a step in the right direction. Let's hope that Yahoo's new year's resolution is to make 2014 a much better year for protecting its many millions of users.

Tags: , , , , ,

Subscribe to the free GCHQ newsletter

, , , , ,

Special offers & deals

  • PureVPN: Lifetime Subscription

    PureVPN: Lifetime Subscription

    Make sure your personal data and online activity aren't exposed. Encrypt your internet traffic and cover your tracks with PureVPN. Works with your PCs, Macs, iPhones, Androids, routers, gaming consoles, and Smart TVs. Connect up to 5 devices at once at top speeds.
  • Password Boss Premium Version: Lifetime subscription

    Password Boss Premium Version: Lifetime subscription

    All you need to do is remember one master password, and Password Boss will do the rest - remembering all of your different online passwords securely. Security and peace of mind. 86% off normal price!

More deals...

Leave a reply

2 Comments on "After a terrible year for security, Yahoo Mail finally gets HTTPS by default"

Notify of

Sort by:   newest | oldest | most voted
January 9, 2014 5:46 pm

Not surprising for a company run by a lady that doesn't think she needs to lock her phone.

January 9, 2014 5:57 pm

It's about time. Only a few years late to the