We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,943 News Articles

Twitter lets users opt to always use HTTPS

'Will improve the security of your account'

Twitter is offering web users the chance to always use the secure HTTPS protocol to access the micro-blogging service.

Until now, web users had been able to securely access Twitter by using the URL https://twitter.com. However, now the micro-blogging service has added the 'Always use HTTPS' option in Settings so users don't need to remember to enter the URL to access the service securely.

"This will improve the security of your account and better protect your information if you're using Twitter over an unsecured internet connection, like a public Wi-Fi network, where someone may be able to eavesdrop on your site activity," Twitter said in a blog.

"In the future, we hope to make HTTPS the default setting," the micro-blogging service added. Those using the official Twitter apps for iPhone and iPad will already find HTTPS is used even if the 'Always use HTTPS' option hasn't been enabled.

However, Twitter warned that the option wouldn't force the use of HTTPS for those accessing the service from a mobile browser.

"When accessing Twitter from your mobile browser, you need to go to https://mobile.twitter.com to use HTTPS for now," the micro-blogging service said.

"We are working on a solution that will share the 'Always use HTTPS' setting across twitter.com and mobile.twitter.com, so you don't have to think about which device you're using when you want to check Twitter. If you use a third-party application, you should check to see if that app offers HTTPS."

Security firm Sophos urged all Twitter uses to take advantage of the new security setting.

"Twitter's new security option means that once you have logged in, all of your interaction with Twitter is encrypted automatically," said Paul Ducklin from Sophos.

"If you don't use HTTPS, imposters who listen in to your Twitter traffic can obtain what's called your session key - a secret code which identifies you for as long as you're logged in. This means that they can impersonate you, posting any old tweets on behalf of you or your company."

See also: Twitter: 1 billion 'tweets' are sent every week

Twitter clamps down on client apps


IDG UK Sites

iPhone 5s review: why the iPhone 5s is still the best phone you can buy in 2014

IDG UK Sites

PCs vs consoles: PCs still pwn when it comes to gaming (and everything else)

IDG UK Sites

Come together to learn: the secrets of the best design talks, conferences and courses