Facebook Steps up SSL Game

Bruce Morton

A year and a half ago, I wrote a blog, Nice Try Facebook. This was my response to Facebook’s turning on of HTTPS for users. Probably a response to mitigate the new Firesheep attack. (BTW, happy second birthday Firesheep; more than 2.4 million downloads in two years.)

My issue with Facebook was the HTTPS feature was off by default. Users needed to “opt-in” and take several steps to turn it on. It also was provided on a best-efforts basis and there were some applications that were not supported.

The good news is Facebook has just released a blog stating that they are now “Rolling out HTTPS for all Users.” Per the blog, the feature will be available this week for North American users and then rolling out to the rest of the world.

If you can’t wait, you can turn on HTTPS by going into Facebook’s Account Settings, then Security, and enable Secure Browsing.

Bruce Morton
Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.


Add to the Conversation