Twitter starts enabling HTTPS by default
The Twitter micro-blogging service has announced that it has started to enable HTTPS by default for its users in order to improve security. When using HTTPS, all information transmitted to the service is sent using SSL encryption, not just the log-in credentials. This means that even cookies are transmitted in encrypted form and can no longer be read and exploited for fraudulent activities by attackers using such tools as the Firesheep extension for Firefox.
Twitter added an "Always use HTTPS" option in March of this year. However, in order to use the feature, users had to enable it manually. For users that do not have the "Always use HTTPS" option enabled, HTTPS is only used by default when logging into Twitter to protect users' passwords, and on the official Twitter for iPhone and iPad mobile app.
Users can manually enable the "Always use HTTPS" option via their account settings page by checking the appropriate box towards the bottom of the page. Further information about enabling HTTPS on Twitter can be found on Twitter Help Center.
See also:
- HTTPS Everywhere Firefox extension goes 1.0, a report from The H.
- "HTTPS Now" campaign launched to protect internet security, a report from The H.
- Google secures search with SSL encryption, a report from The H.
(crve)