Enhanced security on Facebook


  1. Our good friends from Facebook have recently launched a page for family safety. They call it the Family Safety Center, and it includes some interesting resources for parents and educators. It's not the Grail, but it demonstrates they are going in the right direction. All in all it's a good effort (or a reflex due to pressure from U.S. politicians, depending on your degree of cynicism ; ) ... ). It's available at facebook.com/safety;
  2. They continue to publish specific content about security and privacy. This isn't new but it's worth reminding you that these pages exist and their addresses are: facebook.com/security and facebook.com/fbprivacy;
  3. They've strengthened the security of communications, i.e. our communications can be protected by encryption while traversing the network. It was already possible to enable SSL connections on Facebook (also known as HTTPS connections), but every time we used an application or a game that didn't communicate this way, the security configuration would be disabled and wouldn't be enabled again automatically. Now it is;
  4. Finally, the cherry on top of the cake: two-factor authentication will be available. In other words, every time you log in with your Facebook account on a computer you've never used before, an SMS will be sent to your mobile and you'll have to enter a code on the page to confirm you are who you say you are. This control isn't yet available – it'll be deployed in the near future.

Regarding the first three topics I've nothing else to add. But I'll throw in a few comments about the fourth:

  1. It's already possible to receive an SMS on our mobile whenever we log on to Facebook from an unknown computer (we, or someone impersonating us). This control won't stop someone from entering our account but it'll alert us and give us an opportunity to rapidly change our password and deactivate the other session;
  2. Enabling the sending of messages to our mobile requires, obviously, that we share our number with Facebook itself. Actually, I'll say it another way: it requires that we share the number with the people who control Facebook. In most cases, this information is not strictly confidential but can become very sensitive if it falls into the wrong hands – and that can happen, for example, if Facebook is compromised as a result of a security breach. The decision to share the number is yours, of course, and should be taken in the light of your own risk assessment;
  3. If you do decide to share the phone number and activate this control you should do the following:
    1. Account → Account Settings → Mobile
      and follow the instructions from there to define the mobile phone number, and the various options available for sending and receiving;
    2. Account → Account Settings → Account Security
      and activate, en passant, the three security checks:
      • Browse Facebook on a secure connection (…)
      • Send me an e-mail
      • Send me a text message
    3. Account → Privacy Settings → Customize settings
      and search for your mobile phone number (it's probably at the end of the page) to define who will be able to see it, i.e. Everyone, Friends of Friends, Friends Only, or Custom. If you don't want it to be visible to anyone, choose Custom → Only Me.
  4. Since you are reading about security and your hands are on the security configuration, take this opportunity to check your privacy settings. Go to Account → Privacy Settings → Customize settings, and check whether the settings correspond to what you really want.

Et voilà. I've said enough already : ) If you feel this information would be useful for someone else, you know, share it ; )