After launching opt-in HTTPS connections for Tweeps in March 2011, Twitter has finally switched on encrypted HTTPS (Hypertext Transfer Protocol Secure) by default, improving the security of users’ accounts while also better protecting them from man-in-the-middle attacks.
“Now, HTTPS will be on by default for all users, whenever you sign in to Twitter.com,” said Twitter in a February 13 blog post. “If you prefer not use it, you can turn it off on your Account Settings page. HTTPS is one of the best ways to keep your account safe and it will only get better as we continue to improve HTTPS support on our web and mobile clients.”
Google introduced optional HTTPS connections for Gmail in 2008 before eventually deciding that "turning https on for everyone was the right thing to do" as a default in January 2010.
Facebook also gave users more control over their security by introducing an "always on" HTTPS option for users in January 2011.
The Electronic Frontier Foundation (EFF) has developed a Firefox extension, called HTTPS Everywhere, which automatically encrypts your communications with HTTPS.
For more Twitter safety tips visit: https://support.twitter.com/articles/76036-safety-keeping-your-account-secure