Last week we covered how to setup secure browsing (HTTPS) in Facebook. There’s a flaw in this system though that you may not be aware of. Here we’ll show you the flaw and how to correct it.
1. So you set up secure Browsing (Https) in Facebook to help protect against bad guys running packet sniffing apps like Firesheep over a public Wi-Fi network. When you check the box Browse Facebook on a secure connection (https) whenever possible you think your always protected right? Not necessarily.
2. Unfortunately there’s a flaw in the system. When you visit a page or app on Facebook that requires a regular (http) connection, it switches your entire account connection back to the unsecure (http). If you browse to an app or page that is unsecure, you’ll see the following message. At least Facebook gives you a warning…if you want to visit the page, click Continue.
3. Like in this example where we want to connect to NetworkedBlogs.
4. Here’s where the problem is. If you log out of your account, and sign back in, you’ll notice you’re no longer protected by a secure (https) connection! What? You though you checked a box saying use HTTPS Whenever possible. And the message advising you need to switch to a regular (http) connection doesn’t say you’ll lose your secure connection after visiting a non-secure site…very annoying.
5. So what you’ll need to do is go back into your Account Settings.
6. Under Account Security click on Change.
7. Then check the box next to Browse Facebook on a secure connection (https) whenever possible again to re-enable the setting…make sure to click the Save button.
8. Now you’re back to a secure (https) connection.
So, keep in mind that if you visit a page that isn’t on secure (https) that you double check your settings and re-enable the secure connection settings again. Hopefully Facebook figures out a way to fix this annoying issue soon.