Cisco Learning Network Store Promotions Page

1.08.2014

Yahoo finally enables HTTPS encryption for email by default

Summary: Yahoo webmail users will get a significant security benefit with the company enabling encryption by default. 
 
From today, Yahoo will begin encrypting all email connections by default, offering its users the same additional security that Google rolled out for Gmail in 2010.

 
Meeting the January 8 deadline it announced last October, Yahoo has enabled Secure Sockets Layer (SSL) — denoted by 'HTTPS' in browsers' URL bar — encryption by default for its roughly 200 million Yahoo Mail users.
 
The change means that Yahoo Mail users no longer need to manually configure their accounts to enable SSL encryption for mail, which encrypts communications between the browser and Yahoo's web servers and is meant to ensure to the user the site they're communicating with really is what it claims to be.
 
"Anytime you use Yahoo Mail — whether it's on the web, mobile web, mobile apps, or via IMAP, POP or SMTP — it is 100 percent encrypted by default and protected with 2,048 bit certificates," Jeff Bonforte, Yahoo SVP of communication products, wrote in a company blog post.
 
Yahoo initially outlined plans to enable HTTPS by default, but later confirmed it would implement it with 2048-bit certificates, which is the minimum others, led by Google and Microsoft, have moved towards. So, while HTTPS by default is good news for Yahoo users, it's also come to Yahoo quite late compared to other webmail providers.
 
Google enabled SSL by default for Gmail in 2010, SSL by default in search (for signed-in users) in 2011 and now makes all searches SSL by default. Also, in November it completed its upgrade of all SSL certificates to 2048-bit RSA, with the longer key lengths making it harder to crack SSL connections.
 
Yahoo's plans to encrypt mail by default came after the first leaks from Edward Snowden, revealing the US National Security Agency (NSA) spy programs that targeted major US internet companies.
 
The NSA has also prompted a bigger response from Yahoo, which since pledged to encrypt all data moving from the internet to its servers and all data moving between its datacentres, with the latter being a response to revelations of the NSA's 'Muscular' program, which exploited unencrypted links between datacentres of Yahoo and Google.
 
~ Liam Tung 

Related Posts

0 comments: