Here’s a quick tip and some news that might have flown under the radar for some.
After the fuss and debacle created by the release of FireSheep and the ability for people to easily impersonate others on popular social networking sites such as Facebook it has become apparent that Facebook have now provided the ability to tighten up your security but have made this feature “opt-in”. This means that unless you are forcing SSL (or HTTPS) on your side then you won’t be using the most secure connection possible.
So here is how you enable server-side security for Facebook.
- Go to facebook.com,
- Click on “Account” up the top right corner of the site,
- Click on “Account Settings”,
- Next to “Account Security” click on “change”,
- Tick the box next to “Browse Facebook on a secure connection (https) whenever possible,
- Click “Save”.
What this does is enforce SSL from the server side and removes the need for you to force it from your side using solutions such as NoScript or HTTPS Everywhere. There are some ongoing compatibility issues with certain Facebook applications that don’t support SSL yet but apparently that is being worked out 9so you may see some popup windows telling you that you are switching out of SSL).
As a base recommendation, you should definitely turn this on to prevent people from getting at perhaps the most personal and sensitive information you may own outside of financial and medical records.