Apparently, https://.twitter.com has been a functioning address for some time now, but it’s really doubtful that many users were aware. Now, Twitter users who would like to always access the site under the more secure layer can simply switch on HTTPS permanently by checking a single box under their account settings:
HTTPS has already been the default for Twitter when users first log in to the site (to protect passwords) and on the official Twitter clients for iPhone and iPad. Meanwhile, mobile.twitter.com does not yet have the “Always use HTTPS” feature available yet.
Facebook just announced the same security feature at the end of January. Like Facebook then, Twitter in its announcement emphasizes that enabling HTTPS is vital for users who commonly access the site over unsecured WiFi connections, like public networks at coffee shops or tech conferences.
Actually, Hollywood tweeter and angel investor Ashton Kutcher just two weeks ago got a taste of what can happen while accessing Twitter without HTTPS on an open wireless network. While at the forward-thinking TED conference, a hacker gained control of Kutcher’s account and tweeted out the following message:
SSL, short for Secure Sockets Layer, is a security protocol that encrypts communication on the Web. HTTPS, or Hypertext Transfer Protocol Secure, is HTTP in combination with SSL, providing a more secure layer for Web usage. Online financial services like banks and payments sites have regularly employed HTTPS for some time to prevent leakage of credit card numbers or other personal information, but now it seems that the encryption protocol has found a new home on social networks.
All for the better.
Now it’s just a question of when sites like Facebook and Twitter will simply make HTTPS the default for navigation across all their properties, Web or mobile.