Facebook announced that it will be moving all of its North American users over to secure connections beginning this week to prevent hackers from “sniffing” traffic at coffee shops and other unsecured networks.
North American users who did not previously opt into Facebook’s https encrypted service will be automatically logged into it unless they specifically opt out. Prior to this week the security setting was an optional feature.
The move is welcomed by security experts, as Facebook users were particularly vulnerable to hackers when using the service on unencrypted networks typically found at hotels and coffee shops. Although Facebook ran its login procedure through a secure page, the user would be dropped back to an unencrypted page to use the service. Hackers connected to the same wireless router could grab the Facebook user’s login cookie through the air and be able to impersonate that user without the need for a password. The https encrypted service prevents hackers from easily decrypting the traffic and is considerably more secure.
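The exposure described above can be checked from the server's response headers. The following is an added example, not part of the original article: it audits a recorded login flow for session cookies that lack the standard `Secure` attribute and for redirects that drop from HTTPS back to HTTP. The host `social.example`, the cookie name, and both sample flows are constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *rest = set_cookie.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part.strip()}
    return name, attrs

def audit_flow(exchanges):
    """Return findings for a list of (request_url, [(header, value), ...])."""
    findings = []
    for url, headers in exchanges:
        scheme = urlsplit(url).scheme
        for header, value in headers:
            h = header.lower()
            if h == "set-cookie":
                name, attrs = cookie_attrs(value)
                if scheme != "https":
                    findings.append((url, f"cookie {name} set over cleartext HTTP"))
                elif "secure" not in attrs:
                    # Without Secure the browser also sends it on plain HTTP requests.
                    findings.append((url, f"cookie {name} lacks Secure"))
            elif h == "location":
                target = urljoin(url, value)  # resolves relative redirects
                if scheme == "https" and urlsplit(target).scheme == "http":
                    findings.append((url, f"redirect downgrades to {target}"))
    return findings

# Constructed sample: secure login page that drops the user back to HTTP.
LEGACY_FLOW = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=constructed-value; Path=/; HttpOnly"),
        ("Location", "http://social.example/home"),
    ]),
    ("http://social.example/home", [("Content-Type", "text/html")]),
]
# Constructed sample: the same site with HTTPS kept on for the whole session.
HTTPS_FLOW = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=constructed-value; Path=/; Secure; HttpOnly"),
        ("Location", "/home"),
    ]),
    ("https://social.example/home", [("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for label, flow in (("legacy", LEGACY_FLOW), ("https", HTTPS_FLOW)):
        print(label, audit_flow(flow))
```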
Google implemented secure connections by default for its products (including Gmail and search) earlier, but Facebook was hindered by the additional computing power required for fully secured connections for its nearly 1 billion users. The company also struggled with third-party applications that were not using HTTPS. Facebook opted to make the secure connection optional last year, at the same time that Google made it the default.
While the security changes will help prevent one vulnerability, users are still vulnerable to other hacks like viruses, malware, keyboard loggers, and social engineering attacks.