Why Should I Care About HTTPS On Facebook (Or Other Websites)?

Dear Lifehacker, I'm not a huge nerd, but everyone's talking about switching to HTTPS on Facebook because it's so much better. Why is it better and why should I care? Sincerely, Insecure About HTTPS

Dear Insecure,

HTTPS is a significantly more secure version of HTTP, which is the protocol you generally use to load up your web pages (whether you're aware of it or not). HTTP stands for Hypertext Transfer Protocol, so HTTPS stands for the same thing but with Secure on the end of it. This is because, as Wikipedia will tell you, HTTPS is "a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server".

Why You Should Care

So yeah, you get it: HTTPS provides additional security, but what does that actually mean when you're browsing the web every day? It basically means you're protecting your private information from people who want to steal it using readily availably tools like Firesheep.

It means when you enter your password or your phone number or anything personal on Facebook — or any other site offering HTTPS — that data will be encrypted as it flies through the great tubes of the internet.

Think of it like this: you're having a private conversation with your new boyfriend or girlfriend, and your ex — unbeknownst to you — is a few tables over listening to every word. That's the sort of risk HTTP poses, whereas HTTPS would be more like if you and your new romantic interest were speaking a new language that only the two of you understood. To your stalker of an ex, this information would sound like gibberish and s/he wouldn't get any value from listening if s/he tried. HTTPS is a way for you to exchange information with a web site securely so you don't have to worry about anyone trying to listen in.

OK, I Want HTTPS Right Now!

Good choice! Enabling HTTPS in Facebook is very easy. Just visit your Account Settings page, select Account Security (it's the third option from the bottom), and you'll find a checkbox to enable HTTPS under the Secure Browsing header. That's all you have to do.

What about everywhere else? Well, HTTPS is enabled by default on most sites that take sensitive information like your credit card number, so you're generally good to go when buying online. Every browser has its own way of representing whether a site is secure, but generally you'll see a lock icon in your browser's address bar. There are varying degrees of security, however, since sometimes emails have attachments coming from insecure sites (more info on that here). If you want HTTPS everywhere, the Electronic Frontier Foundation's (EFF) aptly named HTTPS Everywhere is a Firefox extension to provide that functionality. They also recommend KB SSL Enforcer for Chrome users, but have found that it isn't implemented as securely (which could be a limitation of the Chrome extension framework).

So that's HTTPS in a nutshell and why you should start using it as much as possible. Hope that helps!

Cheers, Lifehacker