Twitter Offers "Always Use HTTPS" Security Feature

Thursday, March 17, 2011



Twitter is now offering the option to use a secure, encrypted SSL connection. While users could previously access Twitter over an encrypted HTTPS connection, it was necessary to manually type the "https" into the browser.

The new feature allows users the option to "Always Use HTTPS" by accessing their account settings and enabling the feature, which is located near the bottom of the page.

Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by Firesheep attackers.

Firesheep is a FireFox extension that can harvest login credentials when users access their accounts over unencrypted Wi-Fi networks.

"There are also a few instances where turning on HTTPS in your settings does not force HTTPS. For example, when accessing Twitter from your mobile browser, you need to go to to use HTTPS for now. We are working on a solution that will share the 'Always use HTTPS' setting across and, so you don’t have to think about which device you’re using when you want to check Twitter," wrote Twitter's Carolyn Penner.

Facebook has also recently added the option to access accounts over a secure, encrypted HTTPS connection. If you have not enabled the option yet, you should take a minute to do so now.

To enable the the HTTPS feature, open the "Account Settings"on your account and go to "Account Security". Check under the "Secure Browsing" option for the HTTPS option.

Several people have reported problems with the setting reverting to HTTP on Facebook, so be sure to take note that the HTTPS appears in your browser when logged into your account.

Possibly Related Articles:
Encryption SSL Twitter Facebook firesheep Headlines HTTPS Security
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.