We’ve all seen the tweets over the past few days about the new “HTTPS Only” checkbox in our settings menu in Twitter, but a lot of people still don’t understand what that box means and why it’s there.
Bottom line, I think everyone should go in and check that box, and this is why. One of the most common ways a Twitter account can get hacked is through a free public Wi-Fi network that you might innocently access with your laptop when you are at the coffee shop, bookstore or anywhere you set up a mobile office during the day. Most people suspect this is how Ashton Kutcher’s Twitter account was hacked last month (of course, others still say that was just a publicity stunt).
By going into your settings in Twitter and checking the box that says “HTTPS Only,” you are simply adding an extra layer of security to your account. By checking that box, you are basically encrypting the communication between Twitter and your computer, so that malicious hackers on the same network cannot read it. This is the same protocol that banks and other large e-commerce sites use online to keep our personal information safe (of course, safe is always a relative term when referring to the Internet).
According to Twitter, in the future, HTTPS will be the default setting, but for now, you have to go into your settings and click that box. Keep in mind this does not keep you safe when using Twitter mobile. If you want to be extra secure when you are on your phone, you’ll have to specifically type in https://mobile.twitter.com instead of just going to the default page, which is http://mobile.twitter.com. Of course, at some point in the future, that detail will be fixed as well. This is a screen shot of my Twitter settings page and where that check box is located.
Even though our tweets are public, I know for me personally, I would be distraught if someone hijacked my Twitter account and started sending tweets without my knowledge. I would even feel violated if someone read my DMs or private information. I make a point to go into my settings menu and click on connections about once a month to disable any old connections that no longer need access to my account. You should consider doing this too because anyone you have listed in connections can get into your account at any time. This is why many people say nothing on Twitter, even a DM, is truly private. It’s also a good idea to change your Twitter password every six months or so. I have it marked on my calendar. In addition to these precautions, going into settings and clicking the “HTTPS Only” box is a very easy way to put your mind at ease when using Twitter on public Wi-Fi. You can read more about this on the official Twitter Blog which is linked below.