Twitter lets users opt to always use HTTPS

Twitter is offering Web users the chance to always use the secure HTTPS protocol to access the micro-blogging service.

Until now, Web users had been able to securely access Twitter by using the URL https://twitter.com. However, now the micro-blogging service has added the ‘Always use HTTPS’ option in Settings that ensures users don’t need to remember to enter the URL to access the service securely.

“This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured nternet connection, like a public WiFi network, where someone may be able to eavesdrop on your site activity,” Twitter said in a blog post.

“In the future, we hope to make HTTPS the default setting” the micro-blogging service added, although those using the official Twitter apps for iPhone and iPad will find HTTPS is used even if the ‘Always use HTTPS’ option hasn’t been enabled.

However, Twitter warned that the option wouldn’t force the use of HTTPS for those accessing the service from a mobile browser.

“When accessing Twitter from your mobile browser, you need to go to https://mobile.twitter.com to use HTTPS for now,” the micro-blogging service said.

“We are working on a solution that will share the ‘Always use HTTPS’ setting across twitter.com and mobile.twitter.com, so you don’t have to think about which device you’re using when you want to check Twitter. If you use a third-party application, you should check to see if that app offers HTTPS.”

Security firm Sophos urged all Twitter uses to take advantage of the new security setting.

“Twitter’s new security option means that once you have logged in, all of your interaction with Twitter is encrypted automatically,” said Paul Ducklin from Sophos.

“If you don’t use HTTPS, imposters who listen in to your Twitter traffic can obtain what’s called your session key - a secret code which identifies you for as long as you’re logged in. This means that they can impersonate you, posting any old tweets on behalf of you or your company.”

Subscribe to the Macworld Daily Newsletter

Comments