Dream2be

The convenience of web applications is unrivaled. It's especially true for web-based e-mail services, where all your mail is stored in one central location and remains easily accessible from any computer on the internet.

But using web-based e-mail poses significant security risks, especially if you use a Wi-Fi connection or a public internet connection like a university or a library.

Here are some tips for keeping your Google, Yahoo and Hotmail accounts secure and safe from personal data snoops.

''Got tips for these or any other webmail services? Help us '''improve this article''' by adding them to the list below.''

==GMail==

Google's free mail service allows users to log in over an unencrypted HTTP connection. This opens up the possibility of a malicious hacker grabbing your password out of thin air if you're connecting over Wi-Fi.

The easiest way to correct this problem is to force Gmail to always use a secure HTTPS connection.

'''Step 1:''' In Gmail, click on Settings. You'll find the link in the top right corner of the screen, next to your e-mail address and the "Sign Out" option.

'''Step 2:''' Under the General Settings (you should see this tab by default on your screen when you open your settings), scroll all the way down to the last option, "Browser connection."

'''Step 3:''' Change the radio button to "Always use https" and click Save Settings.

This method will also force Gmail to encrypt your entire e-mail session. Most e-mail services (like Yahoo and Hotmail) only encrypt the login process, leaving the rest of the session unencrypted. Change your Gmail settings as shown above and your whole session will be locked down. This is the same security that financial institutions use.

'''Tip:''' If you're using a browser with support for Greasemonkey scripts, you should check out these scripts:
* Frederik Olesen's [http://userscripts.org/scripts/show/2588 HTTP-to-HTTPS redirector] which replaces the HTTP in your address bar with HTTPS for any site you choose.
* Anmar Mansur's, [http://userscripts.org/scripts/show/10731 Force HTTPS for GMail, GCal, and GDocs], which will make all of your Google apps more secure.

==Yahoo==

Yahoo Mail is not as secure as other options. The login process is secure, but the rest of your e-mail session is unencrypted.

Your Yahoo e-mail account is tied to your larger Yahoo user account. When logging in to Yahoo (Mail, Flickr, or any Yahoo service) always look in the browser's address bar to make sure the web address you're using to log in begins with "https". Yahoo should always force your login to take place over a secure connection.

If your Yahoo login page doesn't begin with "https," it's possible you're being asked to log in at a non-Yahoo page. In web-speak, this is called phishing: somebody is trying to fool you into giving them your Yahoo login password.

Aside from the common sense approach of always checking the URL, there are two extra precautions you can take:

* Create a [http://security.yahoo.com/article.html?aid=2006102507 Yahoo sign-in seal]. This lets you put a custom image or piece of text at the top of your sign-in page. If you don't see your customized page, it ain't Yahoo.
* In browsers that support Greasemonkey scripts, download and install the [http://userscripts.org/scripts/show/2588 HTTP-to-HTTPS redirector].

That covers login, but the rest of your Yahoo Mail session is unencrypted. Sniffers won't be able to steal your login info, but they will be able to see the contents of your e-mails if they try hard enough.

'''Password Timeout'''

Another way to secure your Yahoo Mail account (and actually your Yahoo account in general) is to change the period of time that you are re-prompted for your Yahoo password.

'''Step 1:''' Click on "My Account" once you are logged into Yahoo (at the top of the screen).

'''Step 2:''' You will likely be prompted for your password again. Enter your password and you will be taken to the Account Information page.

'''Step 3:''' Click "Edit" under the "Member Information" heading.

'''Step 4:''' Click the drop down titled "Prompt for Password" and change the setting. 15 minutes is the lowest you can go. Every 1 hour is probably sufficient. Click "Finished" once you have changed the setting.

Yahoo will now prompt you for your password as often as you selected in the drop down box. Although this may become a bit annoying, it is a good way to ensure you do not remain logged into a computer longer than you intended (especially important in a kiosk / Internet cafe environment).

==Windows Live Hotmail==

Much like Yahoo's mail service, Microsoft's Windows Live Hotmail is not as secure as some other options. Hotmail will encrypt your sign-on session, but not the rest of your e-mail session.

However, you can take steps to make the sign-on process more secure.

Hotmail will not automatically ask you to log in on a secure page. Instead, Mircosoft makes a secure request (via HTTPS) in the background once you enter your password and click the submit button. This is what Microsoft calls "standard security".

In order to switch to a secure (HTTPS) page to enter your login name and password, look just below the input form on the standard MSN/Live.com login page and you'll see a link for "Use enhanced security." This will bring you to a fully encrypted page. The login system will remember this preference and should always default here in the future.

That covers login, but the rest of your Hotmail session is unencrypted. Sniffers won't be able to steal your login info, but they will be able to see the contents of your e-mails if they try hard enough.

Remember that a strong password using letters, numbers and symbols is a basic but smart start for any security improvements regardless of your email platform.

E-mail, in general, has never been all that secure. The e-mail you send to a friend may hit several insecure hosts before it gets to the intended recipient. From any point along its digital journey, it is possible for someone to download a copy of your e-mail.

Unfortunately, e-mail's technology, or Simple Mail Transfer Protocol (SMTP), hasn't evolved much since 1982. However, methods of communication over the internet have. Social media sites often have their own version of e-mail protected under the security of its own domain. Audio and video chats are often encrypted to prevent eavesdropping.

Even so, e-mail has held up very well over the years and it doesn't look like that is going to change any time soon. However, the means of communication over the internet just might.