Good news Twitter users - HTTPS now enabled by default

HTTPS now default.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

Twittrer has taken a step that should help keep us all safer, and enabled HTTPS as the default access option for all users.

Using HTTPS secures the communication between the device and Twitter's servers by encrypting the data being sent and received. This is especially good news if you connect to Twitter from unsecured WiFi connections (such as those you find at coffee shops, hotels and so on) because if you're not making use of HTTPS encryption hen you're vulnerable to having your session cookie captured by any bad guys (or pranksters) that might be around, and if your session cookie is captured, then that person can pretend to be you and sent tweets on your behalf and access your direct messages.

Grabbing your session cookie is pretty bad because whoever has access to it can continue to account even after you've changed your password. In act, unless you wait for the cookie to expire you have to deauthorize any apps that the bad guy has authorized. Here's how you do that:

  • Click on the Profile icon and the choose Settings

  • From there click on Apps in the menu on the left hand side and then review the authorized apps. Revoke access from any that you feel are suspect.
  • That's it!

And don't think that you have to be a master genius like Lex Luthor to grab session cookies. You don't! In fact it's easy to do with a tool like Firesheep.

Trust no one!


Editorial standards