We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Twitter lets users opt to always use HTTPS

'Will improve the security of your account'

Twitter is offering web users the chance to always use the secure HTTPS protocol to access the micro-blogging service.

Until now, web users had been able to securely access Twitter by using the URL https://twitter.com. However, now the micro-blogging service has added the 'Always use HTTPS' option in Settings so users don't need to remember to enter the URL to access the service securely.

"This will improve the security of your account and better protect your information if you're using Twitter over an unsecured internet connection, like a public Wi-Fi network, where someone may be able to eavesdrop on your site activity," Twitter said in a blog.

"In the future, we hope to make HTTPS the default setting," the micro-blogging service added. Those using the official Twitter apps for iPhone and iPad will already find HTTPS is used even if the 'Always use HTTPS' option hasn't been enabled.

However, Twitter warned that the option wouldn't force the use of HTTPS for those accessing the service from a mobile browser.

"When accessing Twitter from your mobile browser, you need to go to https://mobile.twitter.com to use HTTPS for now," the micro-blogging service said.

"We are working on a solution that will share the 'Always use HTTPS' setting across twitter.com and mobile.twitter.com, so you don't have to think about which device you're using when you want to check Twitter. If you use a third-party application, you should check to see if that app offers HTTPS."

Security firm Sophos urged all Twitter uses to take advantage of the new security setting.

"Twitter's new security option means that once you have logged in, all of your interaction with Twitter is encrypted automatically," said Paul Ducklin from Sophos.

"If you don't use HTTPS, imposters who listen in to your Twitter traffic can obtain what's called your session key - a secret code which identifies you for as long as you're logged in. This means that they can impersonate you, posting any old tweets on behalf of you or your company."

See also: Twitter: 1 billion 'tweets' are sent every week

Twitter clamps down on client apps


IDG UK Sites

Samsung Galaxy S6 launch as it happened: Galaxy S6 launch video and live blog - watch again as...

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...