Well it’s about time, Twitter! I guess it takes Ashton Kutcher’s Twitter account getting hacked at TED over the weekend—Ashton has the most followers on Twitter—for Twitter to finally do something that Gmail did a long time ago and Facebook did last year: allow users to force Twitter to connect via HTTPS (a secure connection).
While I applaud Twitter for doing this, I wish they would have just turned it on by default for everyone. Right now to enable HTTPS on your Twitter account you must go to Twitter.com and go to your settings page to click a check box and then enter your Twitter password:
To turn on HTTPS, go to your settings and check the box next to “Always use HTTPS,” which is at the bottom of the page. This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured Internet connection, like a public WiFi network, where someone may be able to eavesdrop on your site activity. In the future, we hope to make HTTPS the default setting.
link: Twitter Blog: Making Twitter more secure: HTTPS
It looks something like this:
While you’re in a settings-updating mood, you should also go over to Facebook and do the same thing. Under Account Settings there is a section called “Account Security”; unhide this and check “Browse Facebook on a secure connection…”. For extra security I also checked “When a new computer or mobile device log into this account… Send me an email”. This lets me keep tabs on what devices and such are connecting to my account. This setting would give you a first warning that your Facebook account might have been hacked. The section of the Facebook settings page looks something like this:
If Twitter and Facebook wanted to really help users (and thwart Firesheep from hacking accounts) they would just set all users to use HTTPS by default now. Just do it. Turn it on and make users’ accounts safer without requiring them to go to their settings and make this change.
Gmail did it. Twitter and Facebook can too.