Security experts urge Twitter users to switch on HTTPS

How To Tweet Properly and Safely?
How To Tweet Properly and Safely?

Twitter has brought in the option to 'always use HTTPS', and Sophos' Paul Duckling believes that everybody should switch on the feature.

"Twitter's new security option means that once you have logged in, all of your interaction with Twitter is encrypted automatically," said Ducklin

"HTTPS stands for 'secure HTTP'. If you don't use HTTPS, imposters who listen in to your Twitter traffic can obtain what's called your session key - a secret code which identifies you for as long as you're logged in.

"This means that they can impersonate you, posting any old tweets on behalf of you or your company."

Sidejacking

The process has been brought in to avoid session hijacking or what has become more commonly known as 'sidejacking' – where a unique key or code allocated to you for a session can be fairly simply obtained, allowing access to your account for a time.

"This sort of impersonation is known as sidejacking, because it lets an imposter hijack your Twitter session while sitting somewhere alongside you," explained Ducklin.

"Every time you use unencrypted Wi-Fi, for example in a coffee shop or an airport lounge, any one of the other users sitting round about could be sidejacking you.

"If you're a Twitter user, it's a no-brainer, you want this new option. Turn it on today."

Patrick Goss

Patrick Goss is the ex-Editor in Chief of TechRadar. Patrick was a passionate and experienced journalist, and he has been lucky enough to work on some of the finest online properties on the planet, building audiences everywhere and establishing himself at the forefront of digital content.  After a long stint as the boss at TechRadar, Patrick has now moved on to a role with Apple, where he is the Managing Editor for the App Store in the UK.