Social Networking sites are home to a number of hackers and scammers who want nothing more than to get personal and private information from users. Credit card accounts, addresses, cell phone numbers and even private activities are always on the line when users join into such sites. It is no wonder that social networking sites continuously find ways and means to keep information that users share secured and out of harm’s way from such activities.
Over the past few weeks, Facebook has been sending warnings to its users about their profiles’ supposedly very ‘low’ account security protection. This may be due to some users getting their accounts hacked and exposing information the user might have wanted to be kept private.
All the steps listed here are optional; the user may choose to share or not share any information Facebook asks to secure the account. As soon as a user opens his account, the following prompt appears:
This type of security protection asks a user to list another email address he or she might be using other than the email account used to login to Facebook. A warning about ‘logging back to your account’ should there be ’problems’ indicates that your account may be compromised and thus you should ensure that you answer the prompts to recover your account from bogus and malicious users. Next, Facebook asks the user to further ensure the protection of his account by logging in his mobile number:
Should the user decide to sign in his mobile phone number, Facebook prompts him to fill up the following:
Lastly, Facebook asks that the user chooses a security question and provide an answer to it. This information could then be used to reclaim an account if control is lost over it in the future.
These prompts may give some users comfort knowing that they can easily recover their account should it be compromised. Although it may seem a much better way to ensure a user’s protection though, what Facebook fails to show is that they are asking for additional information that could further harm a user’s privacy.
The Secondary Email
Facebook asks for an alternate email in which to send identity verification steps to a user whose account has been compromised through the primary log-in email account. But has anyone ever asked what Facebook could do with the additional email address a user has provided them? Facebook may interconnect a user further within the social networking jungle or worse, share this info with its partner sites and 3rd party developers. And what would happen should a user have the same password for both accounts? Then control of both may be compromised at the same time!
We recommend you create a separate email account at Gmail, Yahoo, Hotmail, etc. (there are several free email providers) just for accessing Facebook and other social networking sites. Make sure you create a secure password that is different from any passwords you currently use to access other sites. Doing this will make it more difficult for hackers to take control of your Facebook account, while not making your primary email accounts vulnerable to a Facebook hack or phishing scheme.
The Mobile Number
Facebook asks the user for a mobile number. Facebook then gives the user a ‘one-time’ password through SMS as the confirmation code for guaranteeing the user’s identity. This ensures that the user’s mobile phone and his account are now connected. But is it really safe to share a mobile number with social networking sites? What if the mobile number gets picked up by scam mobile subscription groups and SMS messages are sent to the user’s mobile number? What if malicious sites gets hold of the user’s mobile number and sends software that might potentially harm the susceptible user’s phone? What if the user loses his mobile phone and somebody gets hold of his Facebook account through the mobile phone? The point of securing protection may very well be lost if ever scenarios such as these happen.
The Security Question
Of the 3 security upgrades that Facebook is offering, this one is the only thing that isn’t directly related to creating more potential avenues for user contact and advertising spam. The question however is.. how well will Facebook protect your answer to your chosen security question? Obviously, make sure you select a question / answer combination that you are not currently using on other websites – especially those containing sensitive data.
Securing user protection is a wise move, but Facebook should have thought of better ways to ensure the identity of the user should incidents such as losing control of the account happen. What’s more, there are many other non-user related changes that Facebook could take that will increase the security of the network overall. Several that come to mind are patrolling 3rdparty apps better, creating better systems to curb Facebook scams and spam, screening Facebook ads and setting the instant personalization option default to disabled. Lastly, Facebook should never resort to scaring the users that their account protection is ‘low’ just to obtain additional user information.