The most important task in terms security is ensuring protection from threats like viruses, malware and hackers. Although Facebook uses complex system that operates behind the scenes to protect the account, it does not mean your account is fully protected. Considering the kind of security fears that are scathing its reputation, the social networking site has prescribed ways in which users can protect their accounts with remote logout and one-time passwords.
In a blog post, Facebook offered an option to use the encrypted 'HTTPS' protocol. The feature was launched on Thursday, but should take some time to determine its security levels. Gmail, on the other hand, uses 'HTTPS' for everything. The feature protects one's account from being hijacked via wireless networks which are not secured.
Recently, there was a report about a Firefox extension known as Firesheep, that lets anyone share an open wireless network in the neighborhood café or workplace to access Facebook, Twitter and myriad of other online accounts. The Firesheep extension was in use for the last three months.
The use of HTTPS is key for online protection. Earlier, Facebook was sending the user’s credentials without any encryption. However, now it says, “Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure.”
HTTPS or Hyper Text Transfer Protocol works on Secure Sockets Layer (SSL), a protocol primarily developed with secure, safe Internet transactions in mind. The protocol encrypts your login cookies and other data.
Pointing out few methods to secure account, the Facebook blog said, “Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the Account Security section of the Account Settings page.” And if you find an option called “Secure Browsing”, click on that.
Otherwise, it has been a long time for Facebook to bring out the HTTPS feature. The blog said, “We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.”
However, Facebook uses HTTPS option, that only applies to the website not for other apps. Also last year Electronic Frontier Foundation (EFF) launched a Firefox extension known as 'HTTPS Everywhere', inspired by Google’s encrypted search option which allows users to encrypt most or all the browser’s communications with other sites. Firefox users can install app by using “HTTPS Everywhere.”
But, as EFF puts it, “As always, even if you're at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can't prevent this because sites incorporate insecure third-party content).”
Since Facebook continues to grow with personal pictures and personal chats, security has become a grave necessity.