Twitter Boosts Security with Permanent HTTPS Support

  • Share
  • Read Later

First Google did it, then Facebook, and now Twitter’s following suit, adding an option to permanently shore up your account’s defenses courtesy the Hypertext Transfer Protocol Secure, commonly abbreviated HTTPS.

Normally you type ‘http’ into your URL bar to conjure a website, but if you’ve ever used a service like online banking, you may have noticed an ‘s’ appended to the ‘http’ (or at least you should have–if not, it might be time to think about switching banks). With HTTPS, you’re basically tunneling securely to the destination server over an encrypted connection. Think of it as your very own “world wide zip line,” designed to keep you safe (or at least safer) while working over public connections–especially wireless ones that tend to be more vulnerable to hackers and snoops

Twitter already supported manual HTTPS access, but not the option to enable it automatically each time you sign in. Why it took this long for a simple, permanent option is anyone’s guess, but it’s certainly not unwelcome. I actually noticed it before I caught the news this morning, a little “Always use HTTPS” option located at the bottom of the default ‘account’ tab in my Twitter settings. I promptly checked it–there’s really no reason not to.

The option comes shortly after U.S. senator Chuck Schumer called on Amazon, Twitter, and others to switch from HTTP to HTTPS.

“The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol,” said Schumer at a February 27, 2011 press event.

Google flipped the switch to make HTTPS its default for Gmail users in early January 2010, followed a full year later by Facebook, which began offering the option to secure all site transactions on January 26, 2011.

Alas, Twitter’s still unable to offer a default HTTPS option to mobile users, though the company says it’s definitely in the offing. If you’re connecting with a mobile device, that means you’ll still need to type ‘https’ before the mobile web address ( if you want to ensure you’re connected securely.

More on

A Day After CEO Is Hacked, Facebook Rolls Out New Security Features

NY Senator: HTTP ‘a Welcome Mat for Would-Be Hackers’

Gmail Defaults To HTTPS