by Kristin Burnham

Facebook Privacy: Zuckerberg Hack Spurs Two New Security Features

Opinion
Jan 27, 2011
Enterprise Applications

Facebook follows up a breach by rolling out new security measures that target hackers. Here's what you need to know.

One day after Facebook CEO Mark Zuckerberg’s Facebook account was hacked, the social networking site introduced two new security measures. Coincidence? Probably.

According to Facebook, the new features were rolled out to honor Data Privacy Day tomorrow, which is marked by “governments, businesses and advocacy groups to raise awareness about the importance of staying in control of personal information.” Talk about ironic timing.

On Tuesday, a strange message was posted to Zuckerberg’s profile. It read: “Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011” The post has since been removed.


The hacking of Zuckerberg’s profile follows a Facebook security incident a few months ago, when Facebook users revolted in response to a Wall Street Journal report that found some of Facebook’s popular applications—Farmville and others—had been transmitting identifying information to Internet tracking companies.

An onslaught of articles scrutinizing the incident flooded the Internet, and U.S. Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas), co-chairmen of the House Bipartisan Privacy Caucus, sent a letter to Zuckerberg (who was already up to his ears in media scrutiny after the release of The Social Network movie).

The latest compromise once again calls into question Facebook’s ability to protect users’ information. If the founder and CEO of Facebook can’t keep his own page safe, what does that mean for everyone else’s data?

Whether it was perfect timing or a swift reaction to the breach, Facebook was quick to roll out two new security features—secure browsing and social authentication—though few users are aware of them.

1. HTTPS Browsing

In the past, Facebook used HTTPS—Hypertext Transfer Protocol Secure—only when you entered your password. You may have noticed this amped-up security feature, denoted by a small lock icon in your address bar or by a green address bar, if you’ve shopped or banked online. Facebook is now applying this to all browsing done on the site, and it is strongly recommended if you use public computers or access points, such as those at coffee shops, airports or libraries.


To enable this new security feature, visit your Account Settings page, then choose “change” next to Account Security. Click the box next to “Browse Facebook on a secure connection (https) whenever possible.” Do note that encrypted pages take longer to load in this mode, and that not all third-party apps support https just yet. If you have not yet gained access to this feature, check back soon, as Facebook is in the process of rolling it out.

2. Social Authentication

If Facebook detects suspicious behavior on your account, such as a login from Florida at lunchtime, then another from Europe a few nights later, Facebook will now ask you to verify your identity to ensure your account hasn’t been compromised (I bet Zuck would have liked this feature on Tuesday).


Unlike a traditional captcha, which asks you to retype a string of letters and numbers or words, Facebook will show you a few pictures of your friends and ask you to name the person in those photos.

While these two new features are another step in the right direction toward safer profiles, the hacking of Zuckerberg’s account cheapens the rollout. To regain and maintain the trust of users, Facebook needs to ensure that everyone is informed of new settings when they log in. Otherwise, what good are they?

Kristin Burnham covers Consumer Technology, SaaS, Social Networking and Web 2.0 for CIO.com.