By simplifying the use of secure, encrypted connections, Twitter hopes to reduce the number of hacked user accounts. Previously, Twitter users could connect to the site in this way, but they had to manually type in HTTPS in the URL bar
With the rising awareness and concern over the stealing of passwords and other sensitive data from unsecured Wi-Fi networks, Twitter is the latest online services company to boost its use of encrypted website connections.
Twitter announced on Wednesday that it will give its users the option to always automatically connect to Twitter.com using HTTPS, which encrypts communications between users’ computers and Twitter servers.
HTTPS reduces the chances that malicious hackers will intercept and steal their passwords and any other sensitive data exchanged with the website they’re browsing.
Previously, Twitter users could connect to the site in this way, but they had to manually type in HTTPS in the URL bar.
“This will improve the security of your account and better protect your information if you’re using Twitter over an unsecured Internet connection, like a public WiFi network, where someone may be able to eavesdrop on your site activity,” reads Twitter’s blog post announcement.
While HTTPS has been standard for years in financial services websites, providers of consumer online services have over the past year started promoting its use to cut down on the number of times their users’ accounts get hacked, including Facebook and Google.
There is generally a performance trade-off when using HTTPS, because it slows down the connection somewhat, but the consensus is that the slight inconvenience is well worth the increased protection.
Some websites, like Twitter, let their users configure their account settings so that every time they visit the site they automatically do it via HTTPS.
Others have made HTTPS the default setting for everybody — something Twitter plans to do later — while others have gone further and eliminated altogether the option to connect to their sites using a regular, unencrypted HTTP connection.
Twitter already uses HTTPS as a default on its log-in page so that users’ credentials are encrypted. Its official iPhone and iPad applications also have HTTPS as their default setting.
However, the setting to always use HTTPS currently doesn’t extend to Twitter’s mobile website, so users must remember to type HTTPS when logging into it.
People who use third-party applications to access Twitter need to check if those applications can use HTTPS or not.
The Electronic Frontier Foundation made a free Firefox plug-in that, whenever possible, chooses an HTTPS connection for every website users visit.