Want CNET to notify you of price drops and the latest stories?

Yahoo enables default HTTPS encryption for Yahoo Mail

Web portal now using 2,048-bit encryption keys to protect e-mail users' communication.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Stephen Shankland/CNET

As promised, Yahoo is now automatically encrypting Yahoo Mail users' connections to the service.

The company announced Tuesday it has enabled automatic HTTPS as the default for all users on the network, coming in a day before the January 8 deadline it placed on itself in October. With the upgrade, the Web portal has now using 2,048-bit encryption keys to secure certificates, which are used to set up encrypted communications between a Web server and Web browser.

"Anytime you use Yahoo Mail -- whether it's on the web, mobile web, mobile apps, or via IMAP, POP or SMTP -- it is 100% encrypted by default and protected with 2,048 bit certificates," Jeff Bonforte, Yahoo's senior vice president of Communication Product, wrote in a company blog post. "This encryption extends to your e-mails, attachments, contacts, as well as Calendar and Messenger in Mail."

The move is part of the company's efforts to beef up encryption across all of its products in response to concerns about government surveillance activities on the Internet. Since the release of confidential documents this summer by former NSA contractor Edward Snowden describing the NSA's collection of e-mail metadata and other Internet communications, several tech giants have been actively working to make surveillance, authorized or not, significantly harder.

The issue seemed to take on greater prominence for companies in October, when the Washington Post reported that newly surfaced documents showed the NSA secretly accessed data from several tech giants, including Yahoo, by intercepting unencrypted Internet traffic in a program called Muscular.

Google completed encryption efforts similar to Yahoo's in November to heighten the security of information flowing between data centers, while Microsoft and Facebook have announced plans to switch over to stronger 2,048-bit encryption keys in the near future.