Twitter will use encryption by default when users sign into the micro-blogging website.
“HTTPS is one of the best ways to keep your account safe,” Twitter wrote in a blog post explaining the move. “It’s especially helpful if you use Twitter over an unsecured Internet connection like a public Wi-Fi network.”
Although Twitter is making HTTPS the default setting for users, you can turn it off in your account settings.
Users who log on to Twitter over unsecured public Wi-Fi risked having hackers use tools such as Firesheep to gain unauthorised access to their accounts, said Graham Cluley, a security researcher for Sophos.
“If you log into Twitter over unencrypted Wi-Fi – for instance, at an airport lounge or at a conference – and you don't have HTTPS enabled, then a hacker could sniff your session cookie. And anyone who can sniff your session cookie can pretend to be you,” he wrote in a blog post.
The option to sign in via the HTTPS protocol, which ensures that log-on data is encrypted, was introduced last year. Twitter had originally stated its intention to use HTTPS by default last August.
Facebook users have the option to sign in via HTTPS but it has not yet made it the default method, while Google+ uses HTTPS as standard.
“HTTPS is one of the best ways to keep your account safe,” Twitter wrote in a blog post explaining the move. “It’s especially helpful if you use Twitter over an unsecured Internet connection like a public Wi-Fi network.”
Although Twitter is making HTTPS the default setting for users, you can turn it off in your account settings.
Users who log on to Twitter over unsecured public Wi-Fi risked having hackers use tools such as Firesheep to gain unauthorised access to their accounts, said Graham Cluley, a security researcher for Sophos.
“If you log into Twitter over unencrypted Wi-Fi – for instance, at an airport lounge or at a conference – and you don't have HTTPS enabled, then a hacker could sniff your session cookie. And anyone who can sniff your session cookie can pretend to be you,” he wrote in a blog post.
The option to sign in via the HTTPS protocol, which ensures that log-on data is encrypted, was introduced last year. Twitter had originally stated its intention to use HTTPS by default last August.
Facebook users have the option to sign in via HTTPS but it has not yet made it the default method, while Google+ uses HTTPS as standard.
No comments:
Post a Comment