I often use public wifi networks to access my Facebook account and am a bit paranoid about my privacy and security. Is there some way to force Facebook to use SSL (https) to securely connect me each time, encrypting information both sent and received?
After the appearance of alarming hacker utilities like Firesheep (which monitors wifi networks to find people logging in to Facebook, then saves a copy of their account and password) it didn’t take long for Facebook to join the many different sites that support full-time secure socket layer (SSL) connections between browsers and their server. Another service that supports this full-time SSL connect, btw, is Google’s Gmail, so if you’re a Gmail user, check it out in the preferences too!
Problem is, as with much of what Facebook does, the secure connection option is something that’s being slowly introduced to users. Facebook calls it “a gradual rollout”. I call it “darn it, how come other people can do this and I can’t?”
Fortunately I now can, so I can show you exactly how I enabled secure browsing with “https” on my Facebook account and you can check to see if you also have this capability. Hopefully you do!
First step is to go to “Account Settings”:
Once you’re at your account settings, scroll down until you find “Account Security”. If you have the option of using the secure https connection, it’ll look like this:
If you just see the option related to getting emails and text messages when different systems log in to your account, well, then I guess you need to wait a day or two and try again. Eventually you’ll get the new secure connection option, I’m sure.
Hopefully you do have it, however, in which case this is what you’ll see:
Looks good! Just click on the box adjacent to “Browse Facebook on a secure connection (https) whenever possible”, then click on the “Save” button.
That’s it.
Now when you’re on Facebook, you should see a nice secure “https” displayed, not the usual — and insecure — “http”:
Hope that helps you out. If you’re really concerned with security, I also encourage you to check out my article on how to use one-time passwords on Facebook so that you don’t have to worry about your password being stolen through a keystroke logger or similar.
Rell, that’ll work until you click on a link and it flips you back to non-SSL connection. The new feature works for your entire session.
Indeed. Excellent info, Dave.
Question. Couldn’t you just type https://facebook.com on your address bar, though?
Or was this option not yet available during time of posting?
Thanks.
Reil
Excellent info Dave! I’ve been pretty lucky so far in that my account hasn’t been hacked (knock on wood), but I’ve also been preparing myself for the time when it finally was.
Hopefully I won’t have to worry about that now!
Thanks for sharing.