Facebook moves all users to HTTPS for added security
The move adds a layer of encryption to data transfer, making the information harder to see by attackers
By Jared Newman
November 20, 2012 — PC World — Just in time for holiday travels, Facebook is moving all users to HTTPS connections to help block attacks over Wi-Fi networks.
HTTPS is a secure version of the Hypertext Transfer Protocol, the essential method your browser uses to connect with websites. At the expense of a little speed, it adds a layer of encryption to data transfer, making the information harder to see by attackers on the same wireless network.
Without HTTPS, gathering information over a local network is surprisingly simple. Packet sniffers such as Firesheep and FaceNiffare designed specifically for this purpose, and require very little technical know-how. Indeed, these tools caused a bit of a stir when they first emerged, because they made it so easy to discover other peoples login details or other sensitive information over standard HTTP connections.
Facebook added HTTPS as an option last year, but at the time, many third-party apps didnt support the protocol. All apps have since been required to support HTTPS, and now Facebook is rolling out the added security measure to all users.
Encryption does add load time to Web pages, so there is a small tradeoff of speed for security. For that reason, users will have the ability to opt-out of HTTPS in their account settings, according to TechCrunch.
To see if the site youre on is using an HTTPS connection, just look at the address bar. For Facebook, you should see https://www.facebook.com if the connection is secure.
For added security on other sites, Chrome and Firefox users can install the HTTPS Everywhere add-on. This will automatically activate HTTPS on sites where its supported but not activated by default. If youre worried about virtual creepers, it could come in handy during holiday travels as youre bouncing between public Wi-Fi hotspots.