On Monday, Twitter announced that it’s introducing support for secure HTTPS connections to all users by default.
Last year, we added the option to always use HTTPS when accessing Twitter.com on the web. This setting makes your Twitter experience more secure by protecting your information, and it’s especially helpful if you use Twitter over an unsecured Internet connection like a public wi-fi network.
Now, HTTPS will be on by default for all users, whenever you sign in to Twitter.com. If you prefer not use it, you can turn it off on your Account Settings page. HTTPS is one of the best ways to keep your account safe and it will only get better as we continue to improve HTTPS support on our web and mobile clients.
From now one, the millions of Twitter users will be protected from popular sniffing attacks, taking place over insecure networks such as the ubiquitous public Wi-Fi networks.
However, the value-added feature doesn’t protect a particular segment of Twitter’s users – that’s the malware-infected Twitter users.
For years, cybercriminals have been obtaining Twitter login credentials by actively data mining their botnets for Twitter login data. Once the host is malware infected, it renders HTTPS useless as the cybercriminals is performing active man-in-the-middle attacks on the targeted hosts.
Thankfully, Twitter’s newly announced feature is a step in the right direction, so avoid turning it off.