Securing your Gmail account


Computing Resource Center (CRC)

	CRC Basics
	Highlights for Fall 2012
	Location & Hours
	First Call
	PennConnect DVD

	Going Green
	Sustainabilty

	Security & Privacy
	Security & Privacy Alerts
	IRS Scams
	Phishing Scams
	Securing Gmail
	ISC Information Security
	Penn's Privacy Office
	Virus Information
	Windows Update Service

	Important Links
	PennKey
	AirPennNet & Wireless info
	School Email info
	Computing Labs
	College House Computing
	Client Services Group

	CSG Staff Only
	CSG Intranet

ISC's Computing Resource Center

Secure your Gmail account

A tool has just been released that makes it easy for someone to steal your Gmail account if the cookie is being sent in clear text. It is recommended that the default setting is changed to enable encryption for the entire session. This is very easy to do.

After you are logged into Gmail:

Look in the top right hand corner and you will see a link that is labeled Settings.
Click that and then you will see:

Browser connection:
- Always use https
- Don't always use https
Click Always use https.

You may have to log out and log back in to get the full https session. Setting this parameter will ensure that all Gmail traffic passed from your web browser to the Gmail server is encrypted effectively preventing the theft of the cookie that hackers want these days.



Information Systems and Computing University of Pennsylvania Comments & Questions