Last year, Twitter added the option for users to choose HTTPS, a secure protocol that sends encrypted data, when accessing Twitter.com on the web. This was intended to improve security, especially if the user was accessing Twitter over a public WiFi network.
“Now, HTTPS will be on by default for all users, whenever you sign in to Twitter.com. If you prefer not use it, you can turn it off on your Account Settings page. HTTPS is one of the best ways to keep your account safe and it will only get better as we continue to improve HTTPS support on our web and mobile clients”, Twitter announced Monday on its blog.
“Twitter wins the award for grooviest website of the day, because of the great move they have announced which will help protect the privacy of millions of users”, opined Graham Cluley, senior technology consultant at Sophos.
“If you log into Twitter over unencrypted WiFi – for instance, at an airport lounge or at a conference – and you don't have HTTPS enabled, then a hacker could sniff your session cookie. And anyone who can sniff your session cookie can pretend to be you. That means they can post tweets as you or read your private direct messages. And you don't want that”, Cluley explained.