Is your Facebook account secure? Learn how to secure it
In January 2011, Facebook added the ability to browse the site over a secure (HTTPS) connection, with the aim of dramatically decreasing security issues for many users... or will it?
When you log in to many websites, your password is encrypted on initial login, but the rest of the experience may not be. This includes the “cookie”, a data file used to authenticate you after a successful login (the HTTP session). This is not necessarily an issue if you use a private computer behind a firewall at home or work. However, if you happen to be using an open wireless network in a public place, you are transmitting non-secure cookies which are extremely vulnerable to attack (HTTP session hijacking, also known as “sidejacking”).
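Whether a site exposes its cookies this way is visible in its Set-Cookie response headers. The following is an added example, not part of the original post: it reports which cookies a browser would attach to a plain-HTTP request because they lack the Secure attribute. The header values, cookie names and the social.example host are constructed, and domain and path matching are assumed to succeed.

```python
from urllib.parse import urlsplit

# Constructed sample response headers (not captured from any real site).
SAMPLE_LOGIN_RESPONSE = [
    "session_id=3f9a1c; Path=/; HttpOnly",          # no Secure flag
    "auth_token=77be02; Path=/; SECURE; HttpOnly",  # attribute names are case-insensitive
    "prefs=secure-mode; Path=/; Max-Age=3600",      # "secure" in the value is not the flag
]


def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie header value."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cookies_sent_in_clear(set_cookie_headers, request_url):
    """Names of cookies a browser would attach to request_url unencrypted."""
    if urlsplit(request_url).scheme.lower() != "http":
        return []  # HTTPS requests are encrypted in transit
    exposed = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if "secure" not in attrs:  # browsers withhold Secure cookies from HTTP
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for url in ("http://social.example/home", "https://social.example/home"):
        print(url, "->", cookies_sent_in_clear(SAMPLE_LOGIN_RESPONSE, url))
```

A session cookie that appears in the HTTP result is the one an eavesdropper on an open network can read, even though the login itself was encrypted.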
The open-source Firefox extension Firesheep, launched on 24th October 2010 and created by Seattle-based software developer Eric Butler, makes it remarkably easy for people to hijack other people's sessions (for 26 popular online services such as Facebook, Twitter, Amazon, WordPress and Yahoo!) within a network, in order to highlight the security concerns of using open Wi-Fi.
Aral Balkan on Facebook security vulnerability with Firesheep
Facebook have sadly made browsing their site securely optional, which would explain why so many people I come across are still unaware of both this functionality and how to switch it on. Below are the steps that will help you to identify and resolve this matter.
Check if you’re browsing Facebook securely
If your URL at the top of your browser looks as it does above, then you should update your settings to make your FB experience more secure.
Navigate to account settings
Click on “Account” in the top right and navigate to “Account Settings”.
Switch on secure browsing
Click to expand “Account security” in the general settings tab and tick the “Secure browsing (https)” box. Once you have saved this setting, your URL bar should look like the image below:
Now you have dramatically decreased the likelihood that your Facebook account will be hijacked whilst using free public Wi-Fi!