The most common concern expressed by Facebook users has to do with security – Facebook users everywhere ask the same question: Is my Facebook profile and the information it contains safe?
In recent months, a new application called Firesheep – an add-on for the browser Firefox that provides an easy way for non-hackers to access others’ login information – was released. Firesheep works on a basic principle. Each time you log in, you provide your user name and password, which creates a “cookie.” That cookie can be sidejacked* and used to access your accounts.
If you are on a secured network, you can protect yourself. But if you’re using unsecured Wi-Fi, then your cookies may as well be on a plate and handed over to an identity thief, along with some milk to wash them down.
Once Firesheep is installed, it presents the users who are logged in using an unsecured Wi-Fi network and shows the sites they are visiting. It also reveals the users’ name and image, and with only one click, anyone can log in as that user, and gain access to all of their information.
Facebook has responded to the concerns about Firesheep voiced by its users, and has added a means to keep their web connection secure while connected to their accounts. The ability to add this encryption in Facebook was added this week.
To enable the encryption in your Facebook account, click on “Account,” then “Account Settings.” Scroll down to “Account Security,” and click “Change.” Look for “Secure Browsing https,” and click on the box to enable it.
Https protection has not yet been launched to all Facebook users, but is instead being rolled out slowly in the next few weeks, according to Facebook executives. If you don’t see the option yet, keep an eye out for it, and enable it as soon as possible.
It should be noted, however, that this encryption will not stop scams and the “koobFace” virus. There are still those who try to manipulate Facebook users to see videos, stories or images by clicking on a link, which will put that user’s account at risk. Be sure to verify the source of any links you receive before you click, and don’t click on links contained in unsolicited e-mails.
*Sidejacking is a term used to describe the malicious act of hijacking a victim’s user name and password, most often on social networking sites.