Jan 26, 2011 17:10 GMT

Facebook has introduced a new option which allows users to make HTTPS a persistent setting and is working to add encrypted connections as the default choice in the future.

Security experts have long urged Facebook to make it easy for people to enable full-session encryption, especially after session hijacking tools like Firesheep received wide coverage in the media.

The Firesheep Firefox extension allows even non-technical users to launch man-in-the-middle attacks over unsecured wireless networks and hijack other people's accounts.

The usefulness of session encryption was also demonstrated recently when the Tunisian government mounted nationwide account hijacking and phishing attacks against Facebook users.

HTTPS has been available on Facebook for a while now, but using it required users to manually access the social networking site with https:// in front.

Thanks to the newly introduced option located under Account Security, people can now choose to make the setting persistent across sessions.

There are still some issues with the use of HTTPS on Facebook which the company is trying to resolve, but it might take a while.

"Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS," Alex Rice explains on the Facebook Blog.

Rice also says the ultimate goal is to offer HTTPS as the default option for everyone in the future, something which few large websites, except e-commerce and banking ones, have implemented so far.

The best known is Gmail, which made the switch to default full-session HTTPS a year ago. Google has since encouraged other website owners to adopt the technology.

Another relatively popular site, albeit for the technical bunch, that forces HTTPS by default is GitHub, the largest code hosting repository and collaborative development platform on the Internet.