Cool news: Facebook finally rolled out a secured browsing option (https). Typical news: Users have to manually activate it.
In spite of a virtual ton of criticism and the usual bad press surrounding Facebook's security/privacy choices, the company's official announcement of the new option remained cool:
If you’ve ever done your shopping or banking online, you may have noticed a small “lock” icon appear in your address bar, or that the address bar has turned green. This indicates that your browser is using a secure connection (”HTTPS”) to communicate with the website and ensure that the information you send remains private. Facebook currently uses HTTPS whenever your password is sent to us, but today we’re expanding its usage in order to help keep your data even more secure.
Starting today we’ll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools.
To manually enable https, start at your Account Settings page. If the option has been rolled out to your particular account, you'll see the following under the "Account Security" section:
Simply tick the https option and you're set to go. Bear in mind that though enabling the new feature will kill tools designed to highlight a site's weaknesses (such as Firesheep), it will also likely slow down your surfing time (encrypted sessions typically take longer to load). Further, several third-party applications and some Facebook features are not currently supported in https, which means you may be in for some secure, albeit buggy, adventures.
The lack of total support across the board for https probably has something to do with why it isn't activated by default, but the company is looking to change that “sometime in the future.”
In other secure news, Facebook has also added a clever little social captcha feature for retrieving lost passwords. Rather than requiring you to copy the usual wavy letters in order to prove that you're human, now you'll need to identify a picture of a friend:
For more details on Facebook's security efforts, head on over here.