

Facebook Beefs Up Security With Social Captchas and All HTTPS, All The Time - bpeters
http://techcrunch.com/2011/01/26/facebook-security-https-social-captchas/

======
igravious
This is already on the front page with a link to the actual Facebook blog:
<http://news.ycombinator.com/item?id=2143415>

~~~
bpeters
Opps, good catch :)

------
tlrobinson
Finally! I've been waiting for a "force HTTPS" option for a long time.

Now, how do you enable it? I looked around the settings and didn't find
anything.

~~~
daveman692
It's under "Account Security" on
[https://www.facebook.com/editaccount.php?ref=mb&drop](https://www.facebook.com/editaccount.php?ref=mb&drop).

~~~
tlrobinson
Hmm, does anyone else not see it there? Perhaps they're still rolling it out.

~~~
fourspace
Not there for me. Looks like a slow roll out.

------
jessedhillon
Regarding the social CAPTCHA: I hope they use some heuristics to gather who is
really my friend and who is a "friend-me-once-and-never-talked-to-me"
connection. There are a number of faces they could show that I wouldn't be
able to put a name to.

I _also_ hope they change the default privacy settings so that a person's
friend list is hidden from unrelated viewers, otherwise a determined attacker
could presumably browse your friends until they find the person in the
CAPTCHA.

------
thinkcomp
...and yet someone is still able to post random Turkish phrases on my Facebook
profile as if they are coming from me. I guess now they'll be secure Turkish
phrases at least.

<http://news.ycombinator.com/item?id=2105378>

