Twitter boosts security with HTTPS

Twitter has made an HTTPS option available in a bid to protect user accounts from hijacking.

Users can now turn on the “always use HTTPS” feature from the settings section of the site, meaning all their messages sent across Twitter will be encrypted.

Those accessing the site from a mobile browser will have to enter https://mobile.twitter.com to switch the feature on, as the settings are not shared across versions of the microblogging service.

“This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured internet connection, like a public Wi-Fi network, where someone may be able to eavesdrop on your site activity,” Twitter said in a blog post.

Twitter said it wants to make HTTPS the default setting in the future and it has already done this for a number of clients and activities.

HTTPS, or Hypertext Transfer Protocol Secure, will cancel out the effect of the notorious Firesheep tool, which allowed hackers to hijack users’ sessions if they were running on a public Wi-Fi connection.

Firesheep could allow a hacker to scan for vulnerable active Twitter sessions and then gain control of the account holder's unique session cookie.

Once they have hold of this cookie, hackers could imitate the original user.

One way to counter such a tool is to provide application level encryption, as Twitter has now done with HTTPS.

It remains unclear if third-party Twitter clients, such as TweetDeck, will start offering support for the option.

One of the downsides of HTTPS is that it slows connections down due to the extra actions required to supply encryption.

This article originally appeared at itpro.co.uk