Facebook announced this morning that it was making several security changes to protect users’ accounts, including expanding the ability to access the site over a secure connection.
The announcement comes less than a day after CEO Mark Zuckerberg’s Facebook profile was hacked, and while the announcement isn’t necessarily a result of this, it’s a good reminder of the importance of always using a secure connection to access your accounts online – Facebook and otherwise.
Facebook says it will begin giving users the ability to choose an “always on” setting for HTTPS, a secure connection between a browser and a server. The option, which Facebook says it will roll out over the coming weeks, will be opt-in and available under the Account Security section of users’ Account Settings page. After enabling this, all Facebook activity will be served over a secure connection.
Facebook will also make this new feature available to developers so that apps are also served via HTTPS. If developers don’t opt to provide a secure connection, Facebook users who’ve enabled the enhanced security settings will get a warning that they’re moving from HTTPS to HTTP before continuing on to the app.
Feeling (Fire)Sheepish, Facebook?
The move to an HTTPS connection will address what’s become an ongoing security concern: keeping online activity safe and private while using the Internet from a public Wi-Fi network.
Last year saw the release of Firesheep, a Firefox extension that makes it possible for anyone sharing an unsecured Internet connection with you to grab your login information for any number of social networks and take over your online identity.
The Firesheep extension was specifically designed to demonstrate the dangers of unsecured connections and to force the hand of the multitude of popular websites – like Facebook – that don’t provide HTTPS connections automatically. When you use HTTPS, your activity – including your username and password – is encrypted in transit between your browser and the site and can’t be so easily “sidejacked.”
The timing of Facebook’s announcement, over three months since Firesheep’s release and the initial furor over unsecure log-ins, comes right on the heels of someone hacking into Zuckerberg’s own Facebook page.
Yesterday, an odd message appeared on Zuckerberg’s page: “Let the hacking begin,” it started. The post, clearly not by Zuckerberg, was quickly yanked. It’s not clear who accessed Zuckerberg’s account or how – Facebook hasn’t commented – but it does seem to point to how very easy it is to access someone else’s information when there isn’t a secure log-in.
Thankfully, that will no longer be the case with Facebook, as you’ll soon be able to protect yourself – and your updates – with HTTPS.