Facebook Intros Social CAPTCHA, Site-wide HTTPS

Pulkit Chandna

When security researcher Eric Butler released Firesheep, a packet-sniffing Firefox extension capable of hijacking Facebook and Twitter sessions over any open Wi-Fi network, he clarified that all he wanted was for these service to use “end-to-end encryption, known on the web as HTTPS or SSL.” Mr. Butler surely must be a lot happier now that Facebook has decided to use HTTPS (Hypertext Transfer Protocol Secure) for everything as opposed to just user logins.

"Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries, or schools. The option will exist as part of our advanced security features, which you can find in the Account Security section of the Account Settings page," the company wrote in a blog post . Eventually, HTTPS will be made the default setting.

Social authentication is another new security feature introduced by the company: “Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are.”

These security updates come close on the heels of two high-profile hacks. FB founder Mark Zuckerberg and French President Nicolas Sarkozy have both had their official fan pages hacked in the last few days.

Around the web