That may not be quite true, but Facebook got a lot closer this week by finally implementing HTTPS in account security settings. This makes it a lot harder to grab your username and password and hack your account. Whether this is a reaction to Mark Zuckerberg’s account being hacked or just a realization that it was high time they did this is irrelevant. They did it and this immediately improves security and privacy.
For those of you not familiar with general browser communications, it’s fairly common for websites to encrypt a username and password during the login process, but uncommon to encrypt communication after that. After you login, most websites send a cookie to your computer so that your browser can interact with the website without having to constantly login to every page. If you are on a mobile device, the cookie is broadcast through the air waves, so there is a chance that anyone could grab it and access your information. This process is known as HTTP session hijacking or sidejacking.
The only effective solution is to use HTTPS to encrypt the entire connection. Websites use this protocol when you exchange financial information to keep your data private and secure. Facebook did have an HTTPS capability in the past, but now you can set it as a default setting. This is great news. The reasons for not implementing it earlier were that many Facebook apps didn’t support HTTPS, but apparently they now have this fixed. This is true, since I couldn’t get chat to work inside Facebook when I had HTTPS on in recent weeks, but it works fine now.
Below are instructions to implement HTTPS for all your interactions with Facebook. I suggest doing this immediately.
HTTPS Instructions
1. Log into your Facebook account.
2. Click on Account in the upper right corner of the page and select Account Settings.
3. Scroll down to Account Security and click Change.
4. Check the box under Secure Browsing.
5. Click Save and you are finished.
Log out and log back in to make sure your browser session is using HTTPS. You will see that in the website address in your browser. Now you can be sure that all communication between your browser and Facebook is secure and all your information is kept private.
Photo credit Robert Scoble