Twitter offers HTTPS to boost security

Twitter offers HTTPS to boost security

Microblogging sites offers encryption setting - but not by default

Twitter users can now use the HTTPS protocol across the site, as yet another web company opts for better security for its users.

However, like Hotmail, Twitter isn't turning the added security protocol on by default and it doesn't yet work via mobile browsers.

Twitter has previously offered a secured version of the site by visiting https://twitter.com, but users can now request to the added layer of protection via the Settings menu.

"This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured internet connection, like a public Wi-Fi network, where someone may be able to eavesdrop on your site activity," explained communications manager Carolyn Penner in the Twitter blog.

Penner said Twitter hoped to make HTTPS the default setting "in the future", but didn't explain why that wasn't happening now.

The HTTPS setting is already the default for the login page, and when using the Twitter app on iPhones and iPads.

However, Penner warned that even if a user has selected the "always on" HTTPS, it doesn't carry over to mobile browsers or to all third-party apps.

If mobile users want the added security layer, they need to use https://mobile.twitter.com until the company finds a way to share the setting to phones. "If you use a third-party application, you should check to see if that app offers HTTPS," she added.

Needed security?

While email and retail sites may seem more obvious places for added security than Twitter - where the tweets are supposed to be public - Sophos researcher Paul Ducklin advised anyone using the site to switch on HTTPS.

When users sign into the site, Twitter sends a session cookie to the browser to keep you logged in. "You login once, and the session cookie identifies you for the rest of the current session," said Ducklin on the Sophos blog.

"Unfortunately, if you login to Twitter over unencrypted Wi-Fi - such as at a coffee shop or an airport lounge - then anyone who can sniff your session cookie can pretend to be you," he said. "That means they can post tweets as you. And you don't want that."

This article originally appeared at pcpro.co.uk

Source: Copyright © PC Pro, Dennis Publishing

See more about:  twitter  |  offers  |  https  |  boost  |  security
 
 
Latest articles on BIT Latest Articles from BIT
Seagate adds another box to its business storage range
12 Mar 2014
If you're looking for up to 16TB and your business uses Windows Server, this might be of interest.
Another security camera, this one with a "corridor" mode
20 Feb 2014
Keen on beefing up the security around your workplace? This camera has a few handy features that ...
Need a lot of storage? The Thecus N7710-G can hold up to seven hard drives
20 Feb 2014
If you need to store a lot of data then you might want to take a look at the recently released ...
Deal spotted: Free Trend Micro small business security for 6 months (when you buy 12 months)
7 Feb 2014
If you've got several staff and haven't upgraded your computer security in a while, this might ...
Here's how Seagate gave a small business with 22 external backup drives a "storage makeover"
29 Jan 2014
See how Seagate helped this two-man Gold Coast business solve their backup nightmare.

Latest Comments

Latest Poll

What PC component are you planning to upgrade in the next six months










Ads by Google

From our Partners

PC & Tech Authority Downloads