The short version is that there is a new exploit that can be used to hack into gmail accounts if you don’t use SSL.
If you want to set up your gmail to always use SSL, go into the Settings page. Near the bottom of the page on the General tab, there will be an option for browser connection. Choose “Always use https” and save your settings.
Done - thanks for the warning.
I also thank you.
Thanks for the warning.
Yikes! Thanks and done and bumpbadabump for the other Dopers!
Eep, thanks for the warning!
I use outlook express to access my gmail - just because I can check all 3 of my accounts at once. Any word on how this is affected?
Thanks, have passed this on.
Hmmm, I don’t seem to have that option on the General tab under settings.
Language: Mail display language:
Maximum page size: Show conversations per page
Keyboard shortcuts:
Keyboard shortcuts off
Keyboard shortcuts on
My picture:
Visible to everyone
Visible only to people I can chat with
Contacts' pictures:
Show all pictures
Only show pictures that I've chosen for my contacts
Signature:
Personal level indicators:
No indicators
Show indicators
Snippets:
Show snippets
No snippets - Show subject only.
Vacation responder:
Vacation responder off
Vacation responder on
Subject:
Message:
Only send a response to people in my Contacts
Outgoing message encoding:
Use default text encoding for outgoing messages
Use Unicode (UTF-8) encoding for outgoing messages
That’s all I’ve got.
Thank you! I passed this along to all of the people I know that use gmail.
Are you using gmail on a custom domain? I don’t have it on my domain email either, but you can still use SSL by just going to Server error
I am using a custom domain, but I just noticed that I’m not using the https prefix, but just http. So if I change the default start page to https: etc, that will do the trick without choosing a different setting?
Yes, as long as you always remember to do that. You can confirm that you’re in SSL mode because your browser will display a lock icon (and FireFox turns the address bar yellow.)
Thanks!
Just another thank you pile on. I had no idea. And now I do 
Thanks from here too.
I have two G-mail accounts, my own and the school district’s, which is a Google client. Out e-mails are still “@bigassschooldistrict.org”, but it’s a G-mail account. On that one, I didn’t find this option at all. I’ll try to change the prefix and see what happens.
Another thanks. I feel so much safer now.
Glad I saw this. Thanks from me as well.
I’ve done this also and encountered a bug with my Gmail Notifier. It wouldn’t connect to my Gmail after I enabled SSL.
Google has released a patch for those of you encountering this bug. Go to the Gmail Known Issues page and scroll to the last entry under Logging In where it says “Notifier cannot connect to mailbox with ‘Always use https’ setting enabled” and click on that entry. Download the patch, a .zip file, and extract it. In the folder, double click on the notifier_https.reg file. Click Yes when asked to confirm. Restart your Notifier. Issue fixed.
Just another “thank you”. Have sorted mine out and will sort out my father’s Gmail later today. Not that Dad has any truck with Paypal etc but am not taking any chances. 