Saturday, February 12, 2011

Facebook goes secure with HTTPS

Facebook has at last implemented HTTPS. Facebook is one social networking site that is most popular among people of all age groups and all walks of life. Also this is one networking site with loads of personal info which in most cases is unwittingly shared in the whole wide web. There has been many pleas to make this a secure site over internet in the recent past and two recent events have at last opened the eyes of Facebook developers to include security feature for facebook:

1. Hacking of Mark Zuckerberg’s account

2. Stealing of Facebook passwords of Tasmanian activists by Tasmanian Government (They had inserted a JScript to Fb home page)

With internet abundant with hacking tools (Firefox recently released a plugin for session hacking – Firesheep), this was a long time due!

Well here is how you enable the security:

1.Go to Account Settings

2.Under that look for Account Security and select to enable HTTPS

fscebook https secure

And here is how Facebook is adding the extra layer of security:

1. Social Authentication: You will have to verify yourself by identifying the profile photo of one of your friends (this is a random generation from your friends list).

This might get tricky and difficult if your friends have celebrity photos or cartoon characters as their profile image

2. Captcha authentication: You will have to verify with a captcha authentication when you open Facebook from out side your home country

However, there are some fall backs in Facebook’s HTTPS implementation. Those are:

1. The loading of page takes longer time than usual when you go through HTTPS

2. Some third party applications do not use HTTPS and open with only HTTP – this is another place where your details are extracted. So be careful about the 3rd party applications that you wander out to from Fb.

3. Default page that gets opened when you just type Facebook and Ctrl+click on the address bar is NOT HTTPS. So you might want to enter the entire URL starting with https:// or just add that to your favorites.

Whatever be the case, we can be happy that Fb has implemented the security feature and I want to believe that they will go on to improve this as well – just how they went about improving Facebook over the period.

No comments:

Post a Comment