Online privacy is something that we should all be aware of, whether the arena is online shopping, chat, email or social networking sites such as Facebook.
The potential risks and pitfalls of sharing too much information on Facebook have been covered numerous times, but if you take advantage of existing technologies to sign in to Facebook and use their own notification system, you should find that the experience of logging in is made all the more secure, which should add some confidence in the service.
Facebook makes it possible for you to set up secure browsing using HTTPS as well as configure login alerts. These tools are ideal for maintaining control of your social networking account, and as they’re reasonably easy to set up this is something that you might like to share with all of your friends and family, or certainly those with any concerns over online privacy.
Activate Secure Browsing on Facebook
It’s surprising that more isn’t made of secure browsing in Facebook as it is very easy to setup.
Begin by signing into Facebook and then use the Account > Account settings menu option in the top-right of the website. On the Settings tab find Account security and click Manage. You will find the Secure browsing (https) option listed with a check box that you should fill if you wish to Browse Facebook on a secure connection (https) whenever possible. Click Save when this is selected, and then Log out via the Account menu.
When you return to Facebook, you will notice that it doesn’t by default offer the ability to sign in securely with HTTPS. In order to do this you will need to manually change the URL in the address bar from HTTP:// to HTTPS:// - not the best method!
It is really only in the Account > Account settings page that secure browsing is currently available, something that you will be able to recognize both via the switch from HTTP:// to HTTPS:// but also the addition of a padlock in the status bar of your browser and a secure flag in the address bar.
Setting Up Login Alerts
Neither secure browsing nor login alerts are activated by default in Facebook. To take advantage of the very useful login alerts feature, you will need to sign into Facebook and enable it in your account settings.
This is done by accessing the Account > Account settings screen, and scrolling down the page to find Account security. Click the Change link to expand the options, and look for Login notifications. Initially you will see two options that instructs Facebook to either send an email, send a text message, or both when your account is accessed from an unrecognized device.
Once you have decided which one of these options you wish to use, move to the Login approvals and decide whether you want Facebook to send a security code to your phone. This is used to confirm access to your account from new devices.
What’s really good about this system is that you can refer back to the Account security section and via the Your recognized devices list see an audit trail of devices that have been used to sign in to your Facebook account.
You might opt to Remove some devices (such as those used in libraries or in cybercafés, for instance) but in addition you can also view the most recently used devices that have accessed your Facebook account and prevent any future use from them.
This is done via the Account activity section; the information displayed details the time Facebook was last accessed, the name of the device and the approximate location. Information about the device type and the browser is also included, and to prevent any of these devices from accessing your account without checks in future, simply use the End activity option.
Remember to Save any changes you make here!
Why Isn’t Secure Browsing Configured By Default?
This is a very good question, and one that we would love to know the answer to. So far, Facebook have avoided discussing the limits to the scope of secure browsing on their website, but the limits are more than likely the result of operational and infrastructure issues. After all, it requires more processing power to manage a secure connection than it does a non-secure one. Therefore, were Facebook to activate secure login and browsing for all of their many millions of users they might have quite a performance issue on their hands…
Strangely, however, login alerts are also not setup by default. This is potentially a more serious oversight than the problems with HTTPS, as login alerts are a great, email-based way to stay up to date with which devices you have used to access Facebook. With this enabled, whenever you login from a new computer, phone, or tablet, you’re asked to provide a name for that device, which is then emailed to your primary Facebook account.
This is a great way of being aware of any unauthorized activity on your Facebook account, so it is curious that this shouldn’t be available automatically.
On the plus side, however, Facebook has become much better in recent months regarding privacy issues, but there remain risks, such as receiving friend invitations from strangers. As such, you should constantly be vigilant and on your guard when using the website.
Author’s own experience.
Login notifications, https://www.facebook.com/help/?page=1079#!/help/?faq=17314
Screenshots provided by author.