Twitter.com recently announced that it was increasing security by making the “Always use HTTPS” setting available to users.
At first I thought it didn’t make any sense. All of my Twitter tweets are public. Why would I need to use HTTPS?
Then I realized the optional HTTPS setting is intended to protect users who connect to Twitter over Wi-Fi — where hackers can sniff out passwords and hijack user accounts.
The HTTPS news comes months after a Firefox add-on called Firesheep made it trivially easy to temporarily take over the accounts of people using Twitter and Facebook over Wi-Fi.
If you’re a social media professional that runs Twitter accounts for customers HTTPS is definitely something that needs to be enabled on those accounts.
If HTTPS had been available earlier this month, this feature would have prevented Ashton Kutcher’s Twitter account from being hijacked to spout pro-SSL messages.
Twitter had the following to say about HTTPS on it’s blog:
Making Twitter more secure: HTTPS
For some time, users have been able to use Twitter via HTTPS by going to https://twitter.com. We’ve made it simpler for users to do this by adding the option to always use HTTPS.
To turn on HTTPS, go to your settings and check the box next to “Always use HTTPS,” which is at the bottom of the page. This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured Internet connection, like a public WiFi network, where someone may be able to eavesdrop on your site activity. In the future, we hope to make HTTPS the default setting.
- When you log into Twitter, so your password stays protected.
- On the official Twitter for iPhone and iPad mobile application.