Daily Archives: March 26, 2011

HTTPS makes Twitter more secure.

Twitter.com recently announced that it was increasing security by making the “Always use HTTPS” setting available to users.

At first I thought it didn’t make any sense. All of my Twitter tweets are public. Why would I need to use HTTPS?

Then I realized the optional HTTPS setting is intended to protect users who connect to Twitter over Wi-Fi — where hackers can sniff out passwords and hijack user accounts.

The HTTPS news comes months after a Firefox add-on called Firesheep made it trivially easy to temporarily take over the accounts of people using Twitter and Facebook over Wi-Fi.

If you’re a social media professional who runs Twitter accounts for customers, HTTPS is definitely something that needs to be enabled on those accounts.

If HTTPS had been available earlier this month, this feature would have prevented Ashton Kutcher’s Twitter account from being hijacked to spout pro-SSL messages.

Twitter had the following to say about HTTPS on its blog:

Making Twitter more secure: HTTPS

Today, we’re taking an important step to make it easier to manage the security of your Twitter experience – we are adding a user setting that lets you always use HTTPS when accessing Twitter.com. Using HTTPS for your favorite Internet services is particularly important when using them over unsecured WiFi connections. 

For some time, users have been able to use Twitter via HTTPS by going to https://twitter.com. We’ve made it simpler for users to do this by adding the option to always use HTTPS.

To turn on HTTPS, go to your settings and check the box next to “Always use HTTPS,” which is at the bottom of the page. This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured Internet connection, like a public WiFi network, where someone may be able to eavesdrop on your site activity. In the future, we hope to make HTTPS the default setting.

We’ve already made this setting the default for a number of clients and activities. In these cases, HTTPS is used whether or not you’ve enabled the “Always use HTTPS” setting:

  • When you log into Twitter, so your password stays protected.
  • On the official Twitter for iPhone and iPad mobile application.

There are also a few instances where turning on HTTPS in your settings does not force HTTPS. For example, when accessing Twitter from your mobile browser, you need to go to https://mobile.twitter.com to use HTTPS for now. We are working on a solution that will share the “Always use HTTPS” setting across twitter.com and mobile.twitter.com, so you don’t have to think about which device you’re using when you want to check Twitter. If you use a third-party application, you should check to see if that app offers HTTPS.
