Facebook enables secure browser connections by default

Shawn Knight

Posts: 15,829   +202
Staff member

facebook https secure connection

The world’s most popular social network recently implemented an additional layer of security by migrating to https by default. That means that almost all users visiting Facebook via the web or over mobile will now do so through a secure connection, putting them on par with native apps for Android and iOS that have long used https.

Infrastructure engineer Scott Renfro penned a post on Facebook’s official blog to explain the change. He points out that https uses Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL), which makes the connection between a user’s browser and Facebook’s servers more secure.

Secure browsing on Facebook isn’t new as the option has been around for two years. Users had to enable it in the settings menu, however. Surprisingly more than a third of users did just that according to Facebook’s own admission.

Renfro described enabling https by default as a dream come true. The company’s traffic, network, security infrastructure and security teams have worked on making it a reality for years and they are happy with the amount of traffic that is now encrypted. What’s more, Renfro said they are even more excited about future changes they are preparing to launch.

True enough, a secure connection will go a long way in preventing man-in-the-middle attacks as well as eavesdropping attacks – just a couple of methods that malicious individuals use to gain unauthorized access to a person’s Facebook account.

Permalink to story.

 
"Infrastructure engineer Scott Renfro" I wouldn't be crowing about this like it is something to be proud of. For how many years has Facebook spurned common knowledge standard security practice? There is a pretty good reason why people used HTTPS for signing into websites [edit] and navigating private data. This is something that should have been done years ago.
 
Shouldn't the security standard for ANY login scenarios come with the security of HTTPS? Especially if it deals with sensitive information. Facebook may not have "sensitive" information, but you know it's sensitive to someone! They are just now implementing HTTPS on their websites?
 
Back