A new Facebook security option is being rolled out over the next few weeks. Instead of the URL starting with the typical http://, you can set up your Facebook to use https://, the "s" meaning your connection is securely encrypted. To get the extra shield against malicious users and hackers, users have to go into settings and turn it on.
This week, make sure your Facebook connection has the S.
Instead of the URL starting with the typical http://, you can set up your Facebook to use https://, the "s" meaning your connection is securely encrypted.
It keeps malicious users from spying on your account and seeing your password, among other things.
The new security option is available for some users now, but will be rolled out to everyone over the next few weeks, Facebook says. But to get the extra shield, users have to go into settings and turn it on.
This recent announcement is unrelated to the recent hacking of Facebook creator Mark Zuckerberg's profile. A Facebook blog post said it was timed for Data Privacy Day later that week.
A hacker posted the following on Zuckerberg's page, which was later taken down: "Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011"
The day before, French President Nicolas Sarkozy's Facebook page was hacked with a fake message saying he wasn't going to run for re-election next year.
So how does https:// guard against such attacks?
It matters most for people who access the Web site on an unsecured Internet connection, such as at a work conference or coffee shop. Hackers who are sharing the same unencrypted Internet connection can use programs, such as one called Firesheep, to grab passwords. Security experts say it's likely that's how Zuckerberg's account was hacked.
Even if you don't use Facebook on a public Internet connection, it's important to opt in for https://. Any Web site dealing with your money uses it. Google uses it for its mail. Doesn't it make sense to use it for a site on which you share personal data daily?
You can turn it on by clicking "Account" on the top right, then "Account Settings" and "Account Security."