Safeguard Your Facebook Experience

Monday, April 25th, 2011 at 3:24 PM

Assuming you read last week’s post, I have to ask: Are you practicing safe Facebook? What? You only read about my experience and failed to take any action? Tsk, tsk.

Actually, I don’t blame you. Facebook doesn’t do a very good job of telling the world about their security features. Even the new ones seem to slip in under the radar. I figure it’s because they are beta testing them on the general public, or they are afraid of a backlash from the tech community wondering where these features have been the past few years.

Even when someone hacked into my account, once I finally resolved the matter, Facebook’s Risk Management department sent me an email that had less to do with measures I can take within my Facebook account and more to do with outside apps. I already feel I take my security pretty seriously, so I dug deeper into a few of Facebook’s not-so-obvious security features.

Make use of secure browsing

Facebook Settings

I have to thank my friend Stacie Tamaki (The Flirty Blog) for being the first to point out the secure browsing (https) option that Facebook recently implemented. To flip the switch, you’ll need to click on Account then Account Settings. Don’t get frustrated by thinking it should be under Privacy; it’s just not there.

You should default to the Settings tab when the page loads, and then scroll down the list to Account Security and click on Change. The first option will be for Secure Browsing (https). You’ll want to check that box and click on the Save button.

Tracking devices and computers with access

This is also where you can track any device that logs into your Facebook account. It was this feature that helped prove I was not responsible for the fraudulent charges on my account. All you need to do is enable the Login Notifications by choosing to receive an email or text message (or both) whenever this happens.

Facebook Device Name

The nice thing is that since you name the device, you can keep a running log. Notice I went with a somewhat distinct naming scheme to help thwart attacks from unknown users. It will also log the IP, and report your location (based on the IP).

Drawbacks of secure browsing

Perhaps the reason Facebook hasn’t made secure browsing so obvious is that it somewhat ruins the experience. Take the American Express OPEN Big Break as an example. While the main Product Page is still secure, the tab item for the Big Break is not. As a result, you have to temporarily stop secure browsing:

Facebook Switch to http prompt

You’ll want to pay attention to that last line: You will have a secure connection upon your next login.

I didn’t quite catch this the first time. Since I am the only one that uses my laptop, I have my Firefox browser set to “remember” me on the login screen. That means that I’ve got to actually log out and log back in to resume secure browsing:

Facebook Not Secure

Another concern if you are using the notifications to track device login – this can get tedious if you use a lot of computers or devices. Certain applications that you grant access are also considered devices (for instance, I use Rapportive for Gmail, and received a text upon authorization). I actually think this is a good thing, but if you are not on some kind of unlimited texting plan, you should be careful how you set this up.

Other considerations

The native app that you use on iPhone is going to only secure your password. That means your username, any chats, wall posts, info requests and more will be open to that guy on the other side of Starbucks who has hacked the WiFi signal.

The touch.facebook.com site for mobile browsers is actually worse, not even running over a secure connection.

To help avoid fraudulent charges, remove any stored payment methods unless you absolutely need them. I had one from a recent Facebook Ads campaign, and that’s what got me in trouble (they are also used for Facebook Credits). You can check yours by going to Account Settings and then the Payments tab. Then look for Payment Methods and click on Manage. You will need to re-enter your password to view this.

If you are incredibly paranoid, I’d recommend going through all those apps you didn’t realize you authorized. If someone hacked into them, they could gain access to all sorts of data stored in your Info tab. To block or remove these, venture to the Privacy Settings and then scroll down to Apps and Websites and click Edit Your Settings. When the screen reloads, click the first Edit Settings button for Apps You Use.

Plan to be on this screen for a while.

Final thoughts

As I’ve stated in the past, Facebook is a great service and I think that it will continue to shape the future of how we communicate both online and off. That doesn’t mean that they didn’t grow up too fast in a recent boom of users and have trouble understanding the best way to secure their users. It seems that they have made attempts at becoming more secure, but they are failing to notify the public of these changes.

Perhaps they would be better off just using a secure connection whenever possible?


  • Anonymous

    Great informative post Jason! Glad I was able to help point you to the https option. And I hope you’re now in the clear and won’t have any more fraudulent charges showing up on your credit card. What a pain you had to deal with that.

  • So far things seem to be in the clear. I still have some obvious concerns, especially since I want to use the Facebook Ads feature to continue promoting events like the Groom’s Workshop. But I owe you the biggest thank you, or I would have never found those other features that finally led to proof it wasn’t me.