In association with heise online

24 August 2011, 10:59

Twitter starts enabling HTTPS by default

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Twitter Logo The Twitter micro-blogging service has announced that it has started to enable HTTPS by default for its users in order to improve security. When using HTTPS, all information transmitted to the service is sent using SSL encryption, not just the log-in credentials. This means that even cookies are transmitted in encrypted form and can no longer be read and exploited for fraudulent activities by attackers using such tools as the Firesheep extension for Firefox.

Twitter added an "Always use HTTPS" option in March of this year. However, in order to use the feature, users had to enable it manually. For users that do not have the "Always use HTTPS" option enabled, HTTPS is only used by default when logging into Twitter to protect users' passwords, and on the official Twitter for iPhone and iPad mobile app.

Users can manually enable the "Always use HTTPS" option via their account settings page by checking the appropriate box towards the bottom of the page. Further information about enabling HTTPS on Twitter can be found on Twitter Help Center.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit