Facebook offers HTTPS encryption

Facebook has taken heed of calls to bolster its security, announcing an "opt-in" session encryption feature that temporarily threatens the functionality of many of its apps customers.

"If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green," explained Facebook security engineer, Alex Rice, on Wednesday.

"This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private."

Facebook's new security feature comes at a price for both customers and users, according to Rice, which may explain why Facebook had not deployed the feature earlier.

"Some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues," said Rice.

Another cost to users was that encrypted pages may take longer to load. "You may notice that Facebook is slower using HTTPS," Rice warned.

Facebook's opt-in strategy appears to have been aimed at harm-minimisation for its apps customers, with the feature requiring activation via Facebook's Account Settings page.

The new security feature follows concerns raised over Facebook's lack of HTTPS after session hijacking tool Firesheep was released last year. The tool exploited security gaps available when users accessed Facebook from public WiFi hotspots.

Rice recommended users consider enabling the option if they regularly accessed Facebook from, for example, at libraries or coffee shops.

The new feature would be available in the coming weeks while a default encrypted session may be on the cards, according to Rice.

"We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future," he said.