Back in November of last year I wrote about the lack of SSL and HTTPS security for Facebook. It seems the Facebook security team have been listening because on January 26th, Facebook blogged about providing HTTPS. HTTPS is a secure connection that encrypts data that is sent from your browser which then makes it ‘private’. When you pay for goods or services online or use an online bank you should always see HTTPS when inserting your personal and financial information. You may also have seen a small “padlock” or noticed the address bar has turned green which indicates you are using HTTPS.
Facebook will be giving it’s users the “option” to use Facebook entirely over HTTPS over the coming weeks. It will be a slow rollout, so you’ll need to check your account periodically to see if you have this option.
How to setup HTTPS and monitor your Facebook account activity:
- Click on Account (top right)
- Scroll down the page and click “Account security”
- Check the “Browse Facebook on a secure connection (https) whenever possible” box
- Check the “Send me an email” box*
- Click the SAVE button
*This function allows you to see if someone else has used your account from another mobile device or location. A very useful function.
TIP: The Firefox plugin Firesheep which automatically steals (sidejacking) session cookies will not work if you have HTTPS enabled.
Using the HTTPS function can sometimes increase page loading times, but you do end up being more secure. Also worth noting at this stage – some Facebook third-party apps do not currently support HTTPS. Facebook has assured us all that they are “working hard to resolve these remaining issues”.
It looks like Facebook want to assess the user feedback and review how many use the HTTPS function before they consider activating HTTPS as default.
Safe surfing folks!