Facebook Introduces Permanent HTTPS Connection Option

Facebook has just announced a new feature that should make the security conscious crowd very pleased, users now have the option to enable a permanent, secured HTTPS connection to the site. This will ensure that all communications with Facebook, from any device or browser, will be done over the encrypted HTTPS protocol.

"Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure," Alex Rice, a security engineer at Facebook, wrote.

"Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools," he announced.

"The option will exist as part of our advanced security features, which you can find in the 'Account Security' section of the Account Settings page," he explained.

If you enable HTTPS connections by default on Facebook, all your data will be sent securely to the site. Normally, only the authentication process is encrypted.

With the regular HTTP, anyone with access to your network can potentially snoop in on what you're sending, the pages you're visiting, photos you upload and so on. This is especially risky over public wireless connections.

There are still some caveats with Facebook's implementation. Pages will load somewhat slower. Also, many apps, hosted outside Facebook, don't support HTTPS connections so every time you use one, the connection reverts to plain old HTTP.

Facebook is rolling out the feature to all users over the coming weeks. Interestingly, the social network is planning on making HTTPS the default for everyone, as soon as it is feasible for the site.

Several large sites are slowly starting to adopt HTTPS connections as the standard. Google offers the option for several of its services. Microsoft's Hotmail also introduced support for permanent HTTPS connections recently. Still, so far, Gmail is the only large, mainstream site that defaults to the encrypted protocol rather than just offering the option.