Facebook added Hypertext Transfer Protocol Secure (HTTPS) support back in January’11, which allows users to access Facebook securely. The HTTPS protocol secures the communication between the browser and the web server by encrypting the information using the Secure Sockets Layer (SSL) cryptographic protocol, and hence protects against eavesdropping attacks. Facebook users are strongly recommended to access their accounts over an HTTPS connection, especially when connected through public Wi-Fi, where a malicious attacker could easily sniff the unencrypted network traffic. Furthermore, the introduction of Firesheep, a Firefox extension, has made hijacking a non-HTTPS web session possible with a few mouse clicks. In detail, Firesheep is able to intercept the unencrypted cookie on the public Wi-Fi and hijack the active Facebook session.
Although HTTPS appears to be active on Facebook’s login page, the connection reverts to an insecure HTTP connection upon login. As mentioned earlier, the Facebook session is then at risk of being hijacked by Firesheep, as the connection is not encrypted with HTTPS. Follow the steps below to ensure an HTTPS connection is used throughout the Facebook session:
- Click “Account Settings” in the Account menu at the top right corner of the page.
- Look for the Account Security section and make sure the Secure Browsing (HTTPS) option is checked.
- Click Save.
- Log in to Facebook again and you will see that an HTTPS connection is used even after login.
However, you will need to repeat these steps if you get a notification asking you to revert to a regular connection, especially when adding a new application to your Facebook account. Therefore, remember to re-enable the Secure Browsing option until Facebook makes the HTTPS setting persistent.
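The pattern described earlier, login over HTTPS followed by a revert to HTTP, can be checked for from the site operator's side. The following is an added example, not code from the original article or from Facebook: it audits a constructed exchange for cookies that would travel unencrypted, using the standard cookie `Secure` attribute (which the article does not mention). The hostname, cookie names and function names are assumptions for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed exchange (not captured traffic): login over HTTPS, then a
# redirect to plain HTTP, the pattern the article describes.
SAMPLE_HOPS = [
    ("https://social.example.test/login",
     ["session=abc123; Path=/; HttpOnly", "csrf=tok789; Path=/; Secure"]),
    ("http://social.example.test/home", []),
]

def has_secure(header):
    """True if a Set-Cookie header carries the Secure attribute."""
    return any(p.strip().lower() == "secure" for p in header.split(";")[1:])

def audit_session(hops):
    """Return findings for cookies a passive listener on the network could read."""
    findings = []
    jar = {}            # cookie name -> True if it carries the Secure attribute
    seen_https = False
    for url, set_cookie_headers in hops:
        if urlsplit(url).scheme == "http":
            # Browsers attach every non-Secure cookie to cleartext requests.
            exposed = sorted(n for n, secure in jar.items() if not secure)
            if seen_https:
                findings.append(("downgrade", url, exposed))
            elif exposed:
                findings.append(("cleartext-cookies", url, exposed))
        else:
            seen_https = True
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name in parsed:
                jar[name] = has_secure(header)
                if not jar[name]:
                    findings.append(("missing-secure", url, [name]))
    return findings

def hardened(hops):
    """Same exchange with HTTPS on every hop and Secure on every cookie."""
    return [("https://" + url.split("://", 1)[1],
             [h if has_secure(h) else h + "; Secure" for h in headers])
            for url, headers in hops]

if __name__ == "__main__":
    for finding in audit_session(SAMPLE_HOPS):
        print(finding)
    print(audit_session(hardened(SAMPLE_HOPS)))
```
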