Facebook rolls out always-on encryption in wake of CEO's fan page being hacked

Facebook users can opt to connect via SSL over HTTP, but some third-party features still won't be secure

Just one day after Mark Zuckerberg's Facebook fan page was hacked, his company has announced a new security measure to make its site safer for him, as well as for the less-privileged Facebook users of the world: always-on SSL encryption.

Users now have the option to access Facebook via HTTPS, which can reduce the risks of user information being intercepted by bad guys whilst socializing. The option appears among the advanced security features in the Account Security section of the Facebook Account Settings page.

The important caveat here is that HTTPS implementation will not render Facebook sessions entirely secure: As noted in the Facebook blog, "Some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues."

In other words, Facebook accounts might still be in jeopardy when used to access apps for important activities like managing virtual farms, zoos, towns, mafias, fish tanks, and the like.

Tim Callan, head of trust services product marketing at Symantec, applauded the move and cited Google's successful rollout of always-on SSL sessions last year. "Many may remember when Google did the same ... last year. Despite historic concern that deploying SSL session-wide may degrade performance, Google reported that there's no significant downside," Callan wrote in his blog.

Follow Ted Samson on Twitter at tsamson_iw.

This article, "Facebook rolls out always-on encryption in wake of CEO's fan page being hacked," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Join the discussion
Be the first to comment on this article. Our Commenting Policies