
"Twitter's new security option means that once you have logged in, all of your interaction with Twitter is encrypted automatically," says Brett Myroff, CEO of Sophos SA.
"If you don't use HTTPS, impostors who listen in to your Twitter traffic can obtain your session key - a secret code that identifies you for as long as you're logged in. This means they can impersonate you, posting any tweets on behalf of you or your company."
This type of impersonation is known as side-jacking, because it lets an impostor hijack a user's Twitter session while sitting somewhere nearby.
"Every time you use unencrypted WiFi in a coffee shop or airport lounge, for example, any users sitting nearby could be side-jacking you. If you're a Twitter user, turn this new option on today," Myroff advises.
“This sort of online impersonation is embarrassing at best. At its worst, it could be reputation-trashing.”