Many people have been pleased to hear that Facebook is now allowing users to choose full SSL/HTTPS encryption throughout their session to prevent their accounts from being compromised through unencrypted WiFi using tools like Firesheep.
After the announcement, though, lots of people were confused and asked us to provide better instructions on how to choose this more secure option. I have put together a brief (only 1.5 minutes!) YouTube video on how to enable this feature.
As of the time of this article (January 28, 2011), only a fraction of all Facebook accounts have been enabled to use this option. We expect it to be available to all Facebook users in a short amount of time.
The myth that HTTPS sessions consume a large quantity of resources needs to be quashed. While encryption may seem to be a heavy-duty task, modern algorithms are designed to provide maximum security with minimal impact.
If you are a webmaster or IT administrator who is responsible for providing services to your customers, please look into securing your pages and following Facebook’s lead. If they can provide an extra layer of protection for more than 500 million users, surely you can provide the same protections to your users.
For Facebook users, in addition to selecting the new HTTPS option, take a look at our guide on how to secure your profile.
Creative Commons image courtesy of Dieselducy from the WikiCommons