Facebook security updates – how to make your account more secure
Facebook has recently updated their security settings. In this How-to we highlight some of the updates and the security nuances to help you stay on top of your account security settings. Paul Laudanski blogged about the subject a while back, if you want to reference that security primer.
When you log in to your account, you may now be greeted by an offer to take a tour of the new features, so let's get started:

Who are you with?
The first option is to tag who you happen to be with. This way you can share with friends on Facebook what you’re up to at the time, and which friends or colleagues you have with you.
This is handy for making your profile more relevant, but it’s also a perfect profiling tool for scammers, identity thieves and those running other targeted attacks like spearphishing. If a scammer, for example, sees you spending much more time with certain individuals on your friend list, an increased weight, signifying importance, can be assigned to that contact. They say you’ll become like an average of your five closest friends within five years (test that in your own life); this means the algorithms can start to predict with increasing accuracy what that picture will look like. This creates a weighted profile of yourself, so scammers will know much more accurately how to target you. It’s true that you’re known by the company you keep – now it’s more true than ever.
I opted out of the feature, not just because I have no friends, or ones that want to be seen with me. I think my friends deserve not to be snooped on by scammers, and if scammers know they’re with me at the time, there’s a lot that can be inferred about their preferences from that information, not just what bad restaurant we’ve chosen. The scammers would, for example, know that they aren’t likely at home, and so physical property scams would be more likely at the friend’s house, all without their knowledge. That can’t be what friends are for.
What is your location?
Here you can opt to display where you are located when you update your status:
Notice that “Add Location” was checked by default. It seems like a handy feature: you can keep up with your friends a little better this way, and they can keep up with you, find out where you are, what you’re doing and so on. Keep in mind that a scammer might want to know the same things. If you took a picture of the beach two minutes ago, and you live hundreds of miles from any beach, it’s safe to say you’re not home. This type of information opens the door to physical threats against your home; after all, you won’t be home for at least a couple of hours.
I clicked “Don’t Add Location”. I’ll just have to let my friends know where I am the old-fashioned way – call them.
Control privacy when you post
Here you can determine the audience for your status updates:
You have these choices:
It’s nice that they mention Public vs. Everyone. Public has a way of letting you know that pretty much anyone can see content that’s Public, not just Everyone who’s your friend. To quote Facebook, “The setting still means the anyone on the internet can view this content, and any of your past Everyone posts are still visible to the same audience.” Facebook calls this the “inline audience selector.”
Sharing overview
I clicked on the link at the bottom of the dialog box that says “Learn more about what’s new” and it takes me to a page with a nice overview:
Account settings
Now let’s head over to account settings and look around. Here it tells you the last time you changed your password:
If it really is never, you can change that here.
Security settings
Now let's look at the Security Settings section. Here you can change various settings so we'll examine some of them and see what they do:
Let’s start by enabling Secure browsing, so your traffic will be encrypted while you’re logged in. This makes it more difficult for prying eyes to intercept your communication with Facebook and do nasty things. It’s simple and it’ll give you a nice little boost in security, so why not?
It’s not enabled by default, but you can enable it like this:
When you do enable https, Facebook should automatically redirect you to the https:// version of the site, instead of the regular http://. The next time you log in, it should do the same.
Login notifications
Next, we enable Login Notifications. This will send you an email when someone logs in from a new device. Typically, you use just a few devices to access Facebook, so if a scammer logs in from somewhere on the other side of the world, now you will know. It’s a good idea to play it safe, so we enable this as well.
Login approvals
Here you can choose to specifically allow or deny a login from a computer the system hasn’t seen before. If you only access Facebook from a single device (or a couple), this might make sense. If you work on the road from a variety of platforms, the extra steps might become a burden. Your level of paranoia is also a factor. If you think you need this feature, enable it. In this example, we leave it disabled.
App passwords
Third-party apps would appear to the main Facebook site as a third party attempting to access your information. If you had Login Approvals enabled, you’d get a notification each time the app tried to access information, potentially a big pain. If you use this feature, you generate login information for the app, and then it uses it to access your information.
So if you turned on Login Approvals, you might like this too, unless you want a lot of notifications, or don’t use third-party apps.
Recognized devices
This is a list of the devices that are approved to be used to log in to your Facebook account, if you enabled the Login Notifications above. There should be a list of devices, which you will be prompted to provide names for. If a device that is not listed tries to log in, it will question whoever is attempting the login.
Active sessions
Here, you can see who’s currently logged in, and kick anyone out who shouldn’t be there. It will also try (with varying degrees of success) to tell you what type of OS and browser they use.
Wrapup
Facebook has seen meteoric growth in the past few years, and has been busily trying to match the growth with a matching security stance, no small task. Expect them to continue to roll out changes, and expect to need to keep on top of your security settings to stay protected. In the future we may do another blog as new changes are rolled out.
8 Responses to “Facebook security updates – how to make your account more secure”
October 22nd, 2011 at 1:13 pm
Try playing any games in FB with Secure browsing enabled. It just won't happen until you disable it.
Also, any comments, likes, posts, etc., WILL show up in the sidebar for all your friends to see regardless of your privacy settings. So much for privacy..huh????
October 23rd, 2011 at 9:44 am
This is good information, neatly compiled. I intend to share it with my blog readers (with credit, of course). Thanks!
November 5th, 2011 at 10:45 am
Have they taken away the option to allow a friend to see everything on Facebook like normal, view wall posts and pictures, and even chat, but still prevent them from leaving a comment? I need this, as I have a relative I don't want to block, but want her to see my status updates and not guess which one she will pick to make a rude comment on.
November 24th, 2011 at 11:01 pm
I hate Facebook.. many times I tried to fix my FB account but it doesn't work at all
January 2nd, 2012 at 1:40 pm
I love Facebook! How can anyone complain when this is a free service, and from what I hear, always will be!! It provides me the access to all of my family members and friends who live too far away to visit, and I have even reunited with school mates I haven't talked to for 30 yrs. So if you don't like Facebook (or you just aren't appreciative), don't use it!!! Once again "I LOVE YOU FACEBOOK!!" Thank you for the free service. For those of you complaining, I don't think a few glitches is too much to tolerate, considering you pay nothing!! Quit complaining!!!
January 3rd, 2012 at 1:59 am
Sonia, no-one doubts the benefits of social networking, and many security people also use Facebook. But Facebook is not a charitable organization, it’s a business. What you’re losing sight of is that Facebook is free to _you_ because it’s selling your data, and sometimes the way in which it operates puts your online safety at risk. You may not be worried about your own data, but it’s entirely reasonable that other FB users should take reasonable precautions with theirs.
February 15th, 2012 at 5:56 am
Hello, to whom it may concern
Why have I been told that I cannot add friends for 30 days because I sent a lot of friend requests when in fact I did not?
Can there be a mistake, or has someone tampered with my account? Thanks. Hope I get an answer
February 15th, 2012 at 7:51 am
Joseph, I’m afraid you’ll have to contact Facebook for a definite answer on that one. You can, of course, check on your list of friends to see if there are lots of people you don’t know.