Facebook has at long last offered an option to use the encrypted "HTTPS" protocol, a feature it will begin rolling out today but won't finish for a "few weeks." You should check now if it's available, and sign up as soon as it is enabled for your account.
By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. HTTPS solves this longstanding problem by encrypting your login cookies and other data.
A blogger using a freely available program called Firesheep was able to steal up to 40 Facebook logins in 30 minutes in a New York Starbucks recently.
You can sign up for Facebook HTTPS by going to Account Settings and then selecting "Account Security," third from the bottom. Then click under "Secure Browsing" — if it's there. Facebook says everyone should have this by the end of the day, but in the meantime you might be missing the relevant option toggle.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.