Facebook Security

Tweet

Facebook finally provided a way to keep any random jerk in the cafe from hijacking your account. But, you have to go out of your way to enable this protection, and you might have to wait. You really should check to see if your account has this feature enabled yet, and if so, put it on! By default, Facebook sends your access credentials in the clear, without any protection whatsoever. Switching to HTTPS is important because a browser extension called Firesheep has made it especially easy for anyone sharing your open wireless network, at a cafe or conference, for example, to sniff your credentials and freely access your account. One blogger sitting in a random New York Starbucks was able to steal 20 to 40 Facebook identities in half an hour! HTTPS solves this longstanding problem by encrypting your login cookies and other data. In fact, the inventor of Firesheep made the software to encourage companies like Facebook to finally lock down their systems. You can sign up for Facebook HTTPS by going to Account Settings and then selecting "Account Security," third from the bottom. Then click under "Secure Browsing" if it's there. Facebook says everyone should have this by the end of the day, but in the meantime you might be missing the relevant option toggle.