Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Facebook has taken heed of calls to bolster its security, announcing an "opt-in" session encryption feature that temporarily threatens the functionality of many of its apps customers.
"If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green," explained Facebook security engineer, Alex Rice, on Wednesday.
"This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private."
Facebook's new security feature comes at a price for both customers and users, according to Rice, which may explain why Facebook had not deployed the feature earlier.
"Some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues," said Rice.
Another cost to users was that encrypted pages may take longer to load. "You may notice that Facebook is slower using HTTPS," Rice warned.
Facebook's opt-in strategy appears to have been aimed at harm-minimisation for its apps customers, with the feature requiring activation via Facebook's Account Settings page.
The new security feature follows concerns raised over Facebook's lack of HTTPS after session hijacking tool Firesheep was released last year. The tool exploited security gaps available when users accessed Facebook from public WiFi hotspots.
Rice recommended users consider enabling the option if they regularly accessed Facebook from, for example, at libraries or coffee shops.
The new feature would be available in the coming weeks while a default encrypted session may be on the cards, according to Rice.
"We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future," he said.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
