A long last Facebook is offering an option to use the encrypted “HTTPS” protocol, a feature it will begin rolling out today but won’t finish for a “few weeks.” Please check now and see if it is available on your account and sign up as soon as it is. Don’t worry this won’t slow your computer down at all. After all Gmail uses HTTPS for everything. Don’t hesitate, this is an important step to keep your Facebook account safe from being hijacked on an open or poorly secured wireless network.
By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. Enabling HTTPS on your account is super important because a browser extension called Firesheep has made it insanely easy for anyone sharing your open wireless network to “sniff” your credentials and freely access your account. In one instance a blogger wanting to test the effectiveness of this extension was able to steal 20-40 Facebook identities in half an hour while sitting at a random Starbucks in New York City. HTTPS solves this problem by encrypting your login cookies and other data; in fact the sole purpose behind the creation of Firesheep was to encourage companies like Facebook to finally lock down their systems.
You can sign up for Facebook HTTPS by:
- Going to Account Settings and then selecting “Account Security,” third from the bottom. Then click under “Secure Browsing” — if it’s there. According to Facebook everyone should have this by the end of the day, but in the meantime you might be missing the relevant option toggle.
And one thing to note…. this will only apply to the Facebook website, not the Facebook iPhone app. There are apps out there can automatically protect while browsing from your iPhone, just check the App Store.