Twitter increases security with HTTPS encrypted tweets setting

Twitter has added a new profile setting to increase the level of security when accessing the mobile blogging site over an unsecured Wi-Fi connections.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The 'Always use HTTPS' option means, once users log in, all Twitter interaction is encrypted automatically.

Paul Ducklin, head of technology at Sophos, said: "If you don't use HTTPS, imposters who listen in to your Twitter traffic can obtain what's called your session key - a secret code which identifies you for as long as you're logged in. This means that they can impersonate you, posting any old tweets on behalf of you or your company."

"Every time you use unencrypted Wi-Fi, for example in a coffee shop or an airport lounge, any one of the other users sitting round could hijack your Twitter session. If you're a Twitter user, it's a no-brainer, you want this new option. Turn it on today," he advised.

Twitter said in a blog post it hopes to make HTTPS a default setting in the future.

Some settings do not force HTTPS, such as when accessing Twitter from mobile browser where users should go to https://mobile.twitter.com. Twitter advises users to check if third-party applications offer HTTPS.

To turn on the HTTPS option:

1. Go to 'Settings' on Twitter profile

2. Tick the box next to 'Always use HTTPS'

3. Save changes