As reports of a new p0rn storm swarming over Facebook continue, we thought it time to look at Facebook’s Security Settings which are mostly opt-in i.e. you have to set them up yourself – which inevitably means that most people won’t have done ;-)
Facebook Secure Browsing (https) – Secure browsing is an opt-in security feature. When you turn this feature on, your traffic (i.e. all of your activity) on Facebook becomes encrypted, making it harder for anyone else to access your Facebook information without your permission.
You should definitely enable this option if you use Facebook from public Internet access points found at coffee shops, airports, libraries or schools but we advise it for home use too. To turn on Secure Browsing (https):
- Log into Facebook and go to your Security Settings page (Account Settings / Security)
- Click on the ‘Secure Browsing’ section
- Tick the box ‘Browse Facebook on a secure connection (https) when possible’
- Click the ‘Save Changes’ button
You have now turned on secure browsing on Facebook – note that the Facebook website address in your browser should now begin with ‘https://’ – the ‘s’ in https indicates secure browsing, just like when you log into an online bank account.
Whilst in this Security Settings page, consider the other options as shown below:
Active Sessions
The Active Sessions section displays a list of the recent times you accessed your Facebook account. Each entry includes your approximate location when signing in and the type of device used to access your account (e.g. name of web browser and operating system). Note that the location is derived from your internet IP address so may be a location a hundred miles away – it depends how your broadband service provider (ISP) routes you through the internet but should definitely be in the same country/state.
If you see from the list that your Facebook account was (or is being, eek!) accessed from an unusual location (especially if from another country/state) or the device type does not match any of the devices you have used recently then your account may have been hacked – you should immediately change your Facebook password and security questions.
However, remember that your location may change daily depending on your ISP – and think back to whether you logged into Facebook from a different device or location yourself recently e.g. from work/laptop/phone. You don’t want to scare yourself unnecessarily…
Login Notifications
A useful security setting to notify you if a new device/person logs into your Facebook account. To set it up, choose a method of notification and Facebook will alert you by email or text message (if you have added a mobile number to your account) whenever your account is accessed from a computer or mobile device that you haven’t used before. If you log into Facebook via a new computer you need not worry about such a message but if you know you haven’t then the message indicates a hacker has broken into your account.
After you turn on Login Notifications:
- Next time you log in you will be asked to name your device and can save it to the list of Recognized Devices (also shown in the Security Settings window) – but don’t save the device if you’re using a public computer e.g. library etc. You can do this over time with any other devices you use to log into Facebook to create a list of your known ‘good’ devices.
- After naming a device, you will receive a notification of confirmation to the email address associated with your account and your mobile phone (if you selected that option).
- If you ever receive a new Login Notification from an unknown device or location, follow the instructions in the notification to reset your password and secure your account.
Login Approvals
Login Approvals is another opt-in security feature similar to Login Notifications, but with an extra security step – each time anyone tries to access your Facebook account from an unrecognized device (e.g. a new computer/phone you haven’t named and saved to your Facebook account), they first have to enter a security code that has been sent to your mobile phone (you must have added a mobile phone number to your account). As only you know this code, it stops anyone else gaining access to your account – even if they have worked out your password.
This is the strongest step of all as it helps prevent access even if your password has been hacked.
Conclusion
Using secure browsing encrypts your activity on Facebook, making it more secure and difficult to intercept. However, the best way to avoid your Facebook account being hacked is to use a strong password i.e. one with 14+ characters and a mix of lower/upper case letters and numbers and symbols.
For added protection, check your active sessions for signs of any previous hacking and set up login notifications and login approvals to protect against unauthorized access to your Facebook account in the future.
I thought i’d switched on secure browsing a while back but juts checked and it was disabled so had to switch on again, maybe facebook are up to their tricks and resetting security options again?