There’s a good chance most haven’t noticed that Facebook uses HTTP, rather than the more secure HTTPS when logging on to your account. There’s a significant difference in the security of one over the other, and Facebook have finally updated the security options to give you a choice (at least, they’re rolling it out now, so if yours isn’t live, check back tomorrow!)
Why would you want to do this? Simply, when you log in using HTTP, your user data is not encrypted. If you use wireless networks in public places, you’re particularly at risk – as shown by this exercise in October 2010 when someone spent a half hour in a café and collected access details for over 20 Facebook accounts.
What do you need to know? HTTPS encrypts your details and makes it more difficult for them to be abused. It’s not perfect, as the update applies only to the website, not mobile applications on platforms like the iPhone – but it’s a step in the right direction. As with all encryption, it’ll have a small impact on speed – but so small most won’t notice it.
To activate HTTPS, click the Account button on the top-right of your screen, then Account Settings. You’ll then go to the bottom of the next menu and next to Account Security, click Change.
Put a tick in the box for HTTPS, remember to Save – you’re done.