Yahoo will enable encrypted connections for all users of its email service starting in January, reports the Washington Post. The move comes nearly eight years after Google added the same feature for Gmail users – so this is less “Good job, Yahoo!” and more “It’s about damn time!”
As of January 8, 2014, all Yahoo Mail users will communicate with the company’s servers through secure sockets layer (SSL) encryption, which “encrypts your mail as it moves between your browser and Yahoo’s servers,” the company explained to the Post. With SSL enabled, your email data will pass from your browser to Yahoo’s servers in a completely scrambled form – meaning it’ll look like complete nonsense to anyone who might try to intercept your email messages. Without SSL turned on, your emails are potentially readable by any jerk who snags your data in transit. This is particularly problematic if you are using a public Wi-Fi connection, like at a library or coffee shop, where you have no idea who’s sharing the network with you.
Update: In an email, a Yahoo spokesperson tells us that, on top of rolling out SSL to all users, the company plans to implement a an extra layer of encryption to Mail as well. “In addition to making HTTPS a default feature by January 2014 for all Yahoo Mail users, we plan to implement 2048-bit encryption keys, which will provide our users with a further layer of security,” the spokesperson said.
Yahoo began allowing Mail users to turn on SSL earlier this year, but it was turned off by default. (You can quickly tell whether it’s turned on or not because the beginning of the URL in your Web browser will read “HTTPS” rather than just “HTTP.”) To turn on SSL right now, login to your Yahoo Mail account, click the gear icon in the top-right corner, click “Settings,” click “Security,” check the box next to “Make your Yahoo Mail more secure with SSL,” and click “Save.”
If you use Gmail or Outlook, fear not; SSL is already turned on by default by those webmail providers. Facebook and Twitter have it turned on by default as well. But not every website uses SSL. Luckily, the good people at the Electronic Frontier Foundation have created an aptly named browser plugin for Google Chrome and Firefox called HTTPS Everywhere, which, of course, enables SSL on every website you visit. Download that here. And if you want to get really nutty with your security, you can jump into the wormhole of PGP encryption – the best way to protect your private communications, but also the most annoying.