Did you know that with a simple Firefox Browser extension people can hack into your Facebook account? Finally, Facebook has done something about it. The following is something you want to do right away!
The Facebook Setting You Should Change as Quickly as Possible
Facebook finally provided a way to keep any random jerk in the café from hijacking your account. But you have to go out of your way to enable this protection, and you might have to wait. Still: Jump on this.
Facebook has at long last offered an option to use the encrypted “HTTPS” protocol, a feature it will begin rolling out today but won’t finish for a “few weeks.” You should check now if it’s available, and sign up as soon as it is enabled for your account. The performance overhead is minor—zippy Gmail, for example, uses HTTPS for everything—and it’s an important step to keep your Facebook account safe from being hijacked on an open or poorly secured wireless network.
By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. Switching to HTTPS is important because a browser extension called Firesheep has made it especially easy for anyone sharing your open wireless network—at a cafe or conference, for example—to sniff your credentials and freely access your account. One blogger sitting in a random New York Starbucks was able to steal 20-40 Facebook identities in half an hour. HTTPS solves this longstanding problem by encrypting your login cookies and other data; in fact the inventor of Firesheep made the software to encourage companies like Facebook to finally lock down their systems.
You can sign up for Facebook HTTPS by going to Account Settings and then selecting “Account Security,” third from the bottom. Then click under “Secure Browsing” — if it’s there. Facebook says everyone should have this by the end of the day, but in the meantime you might be missing the relevant option toggle.
Facebook is sure taking its sweet time rolling this out. Firesheep has been out for more than three months, and the EFF released a plugin for secure Facebook connections back in June. Even the HTTPS option is a half measure. It applies only on the website, not on Facebook’s iPhone app.
And HTTPS should really be automatic for all Facebook users, not an opt-in buried in one of Facebook’s famously labyrinthine settings menus. Facebook seems to recognize this, writing, “We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.” Given that Facebook secures not only intimate pictures and chats but people’s credentials on other websites, that future really can’t come soon enough. But if history is any guide, Facebook’s users are in for a long wait for proper security.
Send an email to Ryan Tate, the author of this post, at ryan@gawker.com.
via gawker.com
Was the option available to you? If not, check back with your Facebook account until it is rolled out to your profile. Don’t take a chance in getting your Facebook hacked!
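As an added example (not from the quoted article and not Facebook's code), this Python sketch shows why HTTPS browsing fully protects a login cookie only when the site also marks that cookie with the `Secure` attribute: without it, the browser still attaches the cookie to any plain `http://` request to the same site. The host `social.example`, the cookie names and the header values are constructed, and cookie domain/path matching is ignored as a simplifying assumption.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Return (name, set of lowercase attribute names) for one Set-Cookie value."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part}
    return name, attrs

def build_jar(set_cookie_headers):
    """Map cookie name -> attribute names, roughly as a browser stores them."""
    return dict(parse_set_cookie(h) for h in set_cookie_headers)

def sent_in_clear(url, jar):
    """Names of cookies a passive listener on shared Wi-Fi could read
    from a request to `url`.

    Assumption: every cookie in the jar matches the URL's host and path.
    """
    if urlsplit(url).scheme.lower() == "https":
        return []  # the whole request, cookies included, travels inside TLS
    # Plain HTTP: the browser withholds only cookies marked Secure.
    return sorted(name for name, attrs in jar.items() if "secure" not in attrs)

def audit(set_cookie_headers, session_names):
    """Session cookies that stay capturable even for users who browse over HTTPS."""
    jar = build_jar(set_cookie_headers)
    return sorted(n for n in session_names if n in jar and "secure" not in jar[n])

# Constructed sample: login response headers of a hypothetical site.
SAMPLE = [
    "session_id=abc123; Path=/; HttpOnly",   # login cookie, no Secure flag
    "csrf=9f8e; Path=/; Secure",
    "locale=en_US; Path=/",
]

if __name__ == "__main__":
    jar = build_jar(SAMPLE)
    print(sent_in_clear("https://social.example/home", jar))
    # One stray http:// link on an otherwise HTTPS page is enough to leak it.
    print(sent_in_clear("http://social.example/img/logo.png", jar))
    print(audit(SAMPLE, {"session_id"}))
```

A site operator would run `audit` against the `Set-Cookie` headers of their own login response and treat any returned name as a cookie to reissue with `Secure`.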





Thanks so much for posting this… I just made the change. Appreciated!
Done and done. Thanks Carl!
That’s great Robert!
Thanks for your contribution and making clear what kind of risks one takes if not being alert to the dangers of the wrong safety settings on your account. I passed on the message.
Awesome post. It was there and mine was unchecked. CRUCIAL! Some may even want to take the require secure log in code sent to phone option as well!
It’s a great idea. I remember doing this some time ago only to find that some of my apps stopped functioning because of the change.
Are we talking about “Secure Browsing (https), Browse Facebook on a secure connection (https) whenever possible” or is it another feature?
Please advise.
Thanks for posting. You’re right, this shouldn’t have to be an “opt in” but rather a complimentary service Facebook provides.
Yes it is sound advice, but do you then get that equally annoying box popping up all the time to say “Do you want only the page that is delivered securely” ???
Which I have found to be an extreme nuisance every time.
Cheers
Val