iPhone app iPad app Android phone app Android tablet app More

What Facebook's New Security Features Mean For You

The Huffington Post   First Posted: 01/27/11 10:45 AM ET Updated: 05/25/11 07:30 PM ET

Inspiring
 Funny
 Obsolete
 Scary
 Must-Have
 Amazing
 Innovative
 Nerdy
Facebook Https

A day after Mark Zuckerberg's Facebook page was hacked, Facebook has rolled out a set of new security features.

There are some important changes that Facebook users should be well-acquainted with so they can protect themselves and their information on the social network. We've spelled out everything you need to know about the new tools below.

The first new feature, HTTPS-enabled browsing, will let users create a secure connection, even if their network is insecure.

HTTPS will help protect password stealing on public networks, as well as protecting you against programs like Firesheep, a Firefox plug-in that lets you log in to other users' Facebook, Twitter and Tumblr accounts (to name just a few).

HTTPS can slow down browsing, but the difference is often negligible--Gmail is HTTPS protected and still speedy. But more importantly, Facebook does not automatically enable HTTPS browsing. If you want to make sure that the lurker at your local cafe is not secretly peeping at pictures of your grandma drinking champagne from a cowboy boot, you have to change the settings yourself.

How do you enable HTTPS?

First, you go to "Account" on the upper right of your screen, and select "Account Settings." From there, you go down to "Account Security" and click "Change," which will allow you to enable HTTPS browsing. It will also let you receive an email when a new computer or device logs into your account, if you so choose.

Facebook's second security update is an authorization feature--"social authentication"-- that will activate if suspicious activity occurs on your account (logins in Beijing and Berlin one hour apart, for example) and is intended to verify that your account belongs to you and has not been compromised.

Facebook will test your identity by asking you to identify pictures of your friends, in a personalized update of more familiar CAPTCHA technology. "We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are," Facebook explained in a blog post.

Check out Facebook's social authentication feature below:

Facebook Picture Recognition

FOLLOW HUFFPOST TECH

Related News On Huffington Post:
 

Read more from Huffington Post bloggers:
Noah Efron

Noah Efron: The Meeting of Science and Religion in Real Life

Even more than tired polemics about Darwin, this is where science and religion meet in ways that matter: behind the locked bedroom door of a teen at a screen, waiting to be friended.
Jonathan Rabb

Jonathan Rabb: When "Socialism" Meant Something

That socialism's ideals are alive and well in the US today -- on both the left and the right -- makes it so amazing that they should continue to be so badly misrepresented.

 
 
  • Comments
  • 130
  • Pending Comments
  • 0
  • View FAQ
Comments are closed for this entry
View All
Favorites
Recency  | 
Popularity
Page: 1 2 3 4 5  Next ›  Last »  (5 total)
photo
Carla Bobka
0 Fans
04:13 PM on 01/30/2011
Does anyone know if setting the security setting protects your password while using a mobile app or is it just for logging in via a web browser?
Permalink  |
HUFFPOST SUPER USER
Joseph Bethea
musician
48 Fans
12:37 AM on 01/29/2011
Amazing how after his own page get hacked now he's worried about security as long as it wasn't his he was kool with it
Permalink  |
photo
HUFFPOST SUPER USER
fgr1111
No, No, No... But they want to be Re-elected!!! ja
34 Fans
03:36 PM on 01/28/2011
"Facebook's second security update is an authorization feature--"social authentication"--
They have been doing this for several months now. Am I missing something here? or do we need to ask out friend David Assange for the real story?
Permalink  |
This user has chosen to opt out of the Badges program
agxphoto
115 Fans
02:56 PM on 01/28/2011
HTTPS means that the station doing the transmitting has been verified. That's all.

Certificates can be made for free with OpenSSL; the technology to build one has been available for decades; many companies offer common consumer grade certificates for under $20. Their function is to verify that the person or location who says they're doing the transmitting is doing that transmitting. It's a basic code check.

Any instance of redirection, or signal splitting, like sending cookie information to another website or using "http" anywhere in the web page's source code, would cause many browsers to show that the HTTPS was broken.

I would have expected that kind of balancing information to appear in the article above.

HTTPS and SSL is a layer of protection similar to driving on the road with a license plate on your car. It does not protect or secure a website against all forms of misuse or problems. Really, it's a level of transmission verification so basic, that almost every website could stand to use it. For these reasons, even as an HTTPS/SSL user, I feel it's a misnomer to assume that any site is completely secure just because of SSL.

SSL is a good idea, and a basic transmission method; but, it does little more than verify the transmitter. I think it should be used, but it's not an answer to all security concerns with computer networking.
Permalink  |
photo
wsuvtx
23 Fans
 
12:59 PM on 01/28/2011
The best security on Facebook is to NOT PLAY THE GAMES. If you really want to farm go plant a garden. If you really want to run a city go run for Mayor. If you really want to be in the Mafia go to New Jersey.
Permalink  |
photo
HUFFPOST SUPER USER
kelleyajones
163 Fans
07:58 PM on 01/29/2011
Well said, especially Mafia go to NJ!
Permalink  |
photo
HUFFPOST SUPER USER
Dadzilla
Breathing radioactive fire for admusement
326 Fans
10:29 AM on 01/28/2011
It means something until next week when they change the policy again. Seriously, I think they should stop everything for a week, have a beer and reflect on a larger security and privacy strategy.
Permalink  |
photo
KeysE2S
I feel-a so break-up, I want to go home!
108 Fans
10:10 AM on 01/28/2011
http://www.facebook.com/pages/FB-Griefers/149330568453649?ref=ts
Permalink  |
AllenAllen
16 Fans
09:25 AM on 01/28/2011
There is no HTTPS option as you claim. I just looked (it is now Friday 1/28/2010)

I followed these instructions:
"First, you go to "Account" on the upper right of your screen, and select "Account Settings." From there, you go down to "Account Security" and click "Change," which will allow you to enable HTTPS browsing. "

I did see the email notification option.
Permalink  |
HUFFPOST SUPER USER
Benjamin Rosenfeld
100 Fans
 
07:04 AM on 01/28/2011
I posted this earlier, but it's now on the last page and it serves best on the first.

That doesn't permanentl­y enable https. The https goes away when you leave account settings for, say, your home page or to add a network or something or to view someone's pictures.

The picture authentica­tion isn't new. They've been tinkering with it for a while now. I had to go through it once or twice last year and I didn't appreciate it. It isn't very helpful when you don't know 100% of your friends. If you have friends whose only purpose is to serve as 'neighbors­' in a game or whatnot, and you don't know what they all look like of hand, then you can get locked out of your own account. So, yeah, it's far from a perfect system.
Permalink  |
photo
GEM-592
Edit your micro-bio.
112 Fans
05:22 AM on 01/28/2011
For me? ZIP
Permalink  |
photo
HUFFPOST SUPER USER
Eyeful
Virtuous Raconteur
338 Fans
02:47 AM on 01/28/2011
More than 500 million active users and no HTTPS? Good thing Zuckerberg got hacked.
Permalink  |
HUFFPOST SUPER USER
Benjamin Rosenfeld
100 Fans
 
07:03 AM on 01/28/2011
No, not users, over 500 million total accounts. There are people that have had more than one and some that are running multiple. I'm on my fourth, the others were disabled. Suffice it to say, I won't be playing anymore games that require me to "friend" people in order to advance (Mafia Wars, Farmville, et al.). There are also a number of accounts that are setup as part of role playing games. I highly doubt that nearly 10% of the global population are on Facebook.
Permalink  |
photo
HUFFPOST SUPER USER
jabailo
(Participant) Texeme.Construct()
333 Fans
 
01:29 AM on 01/28/2011
you know why facebook is a loser? because ultimately it fails at the thing most people expect of it...making friends.

example, i made some comments about the seahawks while they were still in the playoffs...and surprisingly i got 25 likes. hey, i thought, i will try and friend some of these people. but i couldnt just click on the alert and friend.

this happens over and over. the who application is built on sand, the UI is outdated, theres no drag and drop and worst of all, unless you bring your friends into it that you already have, its piss poor for making new friends.
Permalink  |
HUFFPOST SUPER USER
Benjamin Rosenfeld
100 Fans
 
07:10 AM on 01/28/2011
No, no, no, they don't want you to make new friends on Facebook, they want you to only have on there the friends that you already have. There was a time when they allowed it, but that has since past. I remember when they had an advanced search feature that allowed you to search for people by interest and hobbies. Now they're adamantly against it. I view Facebook as the China of social networking. Either do it their way or GTFO.
Permalink  |
photo
HUFFPOST SUPER USER
MikeyJaii
Free $$ For Everyone.
191 Fans
01:12 AM on 01/28/2011
I can see how Facebook may have so much value, they gotten a lot of suckers to be hooked on to this site.
Permalink  |
photo
HUFFPOST SUPER USER
jabailo
(Participant) Texeme.Construct()
333 Fans
 
01:30 AM on 01/28/2011
always room for one more at a "Dinner for Schmucks"
Permalink  |
This user has chosen to opt out of the Badges program
photo
theBooHooBand
treat others as you want to be treated
150 Fans
12:16 AM on 01/28/2011
Article above references "https-enabled browsing", but my Account Security page shows no such thing, nor any way to "enable" it.
Permalink  |
HUFFPOST SUPER USER
Benjamin Rosenfeld
100 Fans
 
07:11 AM on 01/28/2011
The account security page is the only page with https.
Permalink  |
HUFFPOST SUPER USER
logicanada
Blogger, radio co-host, writer, editor, voice-over
1850 Fans
 
11:13 PM on 01/27/2011
What Facebooks new security features mean for you . . .GET OFF FACEBOOK !
Permalink  |
Page: 1 2 3 4 5  Next ›  Last »  (5 total)