No one's Facebook profile is safe

When both the Facebook founder and the president of France are targeted by hackers, it's time to revisit your security settings

As I said in my previous post "Facebook con artists on the rise," breaking and entering on the social network seems to be an epidemic. Aside from personal acquaintances who've been hacked or know someone who has, the news is also rife with examples of Facebook tomfoolery, with two high-profile cases this week: the president of France and Facebook founder Mark Zuckerberg's fan page.

President Sarkozy was quick to point out that there was a lesson in the attack -- one that leaders ought to consider once in a while: "No system is infallible." The team over at Facebook seems to have gotten that message. Just as systems -- whether in government, law enforcement, or nature -- have to change in order to survive, so do social networks.

Demonstrating the system's adaptability -- quickly, judging by the response to the Zuckerberg hack -- Facebook announced two new security measures this morning. The first is an HTTPS login that allows you to visit Facebook on a secure connection. "We are rolling this out slowly over the next few weeks," says the site in a public announcement, "but you will be able to turn this feature on in your Account Settings soon."

The second is called "social authentication." It takes the idea of the CAPTCHA -- the security measure that asks you to eyeball mangled letters, translate them to English, and type them into a box before you can log on -- a step further. Before you can log on, the system taps your social network and quizzes you on who you know.

If, for example, the site sees you logged in from Denver in the morning and London in the afternoon, it might ask you to authenticate your identity by displaying a picture of one of your own friends and asking you to choose his name from a list. (You might want to take a look at your privacy settings to be sure the hacker community can't browse for the answer.) This could prove embarrassing for those of us who are very bad with names and faces or who have a zillion friends on Facebook.
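
The Denver-then-London trigger described above is commonly called an impossible-travel check. The sketch below is an added example, not Facebook's code; the 1,000 km/h speed ceiling, the 50 km jitter radius, and the login records are assumptions constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import NamedTuple

MAX_KMH = 1000.0   # assumed ceiling, roughly airliner cruising speed
JITTER_KM = 50.0   # assumed radius inside which IP geolocation noise is ignored

class Login(NamedTuple):
    when: datetime  # UTC
    city: str
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def needs_challenge(prev, cur):
    """True when travelling from prev to cur would need an implausible speed."""
    dist = km_between(prev, cur)
    if dist < JITTER_KM:
        return False
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    if hours <= 0:          # far apart at the same instant
        return True
    return dist / hours > MAX_KMH

def review(logins):
    """Pair each login's city with whether it should trigger a step-up challenge."""
    ordered = sorted(logins, key=lambda l: l.when)
    results = [(l.city, False) for l in ordered[:1]]  # first login has no baseline
    for prev, cur in zip(ordered, ordered[1:]):
        results.append((cur.city, needs_challenge(prev, cur)))
    return results

# Constructed sample logins (times in UTC)
SAMPLE = [
    Login(datetime(2024, 3, 4, 15, 0), "Denver", 39.74, -104.99),
    Login(datetime(2024, 3, 4, 17, 0), "London", 51.51, -0.13),   # 2 h later
    Login(datetime(2024, 3, 5, 9, 0), "London", 51.51, -0.13),
    Login(datetime(2024, 3, 6, 4, 0), "Denver", 39.74, -104.99),  # 19 h later
]

if __name__ == "__main__":
    for city, challenge in review(SAMPLE):
        print(city, "challenge" if challenge else "ok")
```

IP-based geolocation is approximate, and VPN or mobile-carrier exits can make a legitimate user appear to jump, which is why the outcome here is an extra challenge rather than a lockout.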

This isn't the only recent security update. Back in October, the company announced one-time logins and remote logouts as new ways of staying ahead of the bad guys. If you are using a public computer, for example, and don't want to reveal your login to it -- or the people milling about -- for fear of a security breach, text "otp" to 32665 from a U.S. mobile phone. You'll receive a one-time-use password that expires in 20 minutes.

If you've already signed in from another computer, you can check to see if you remembered to properly log out. In fact, you can check to make sure you recognize all the recent logins to your account. Go to the Account Settings page, look under Security, and see what computers and their locations (based on IP address) are currently logged into your Facebook account. You can sign out of any of them from this panel and opt to be alerted by email or text whenever your account is accessed.

But given all the celebrity hackings, I'm starting to wonder if having your Facebook page hacked is now a sign of social status. Maybe we've reached the point where you aren't somebody till somebody has hacked your network.

Got gripes or questions? Send them to christina_tynan-wood@infoworld.com or @xtinatynanwood.

This story, "No one's Facebook profile is safe," was originally published at InfoWorld.com. Read more of Christina Tynan-Wood's Gripe Line blog at InfoWorld.com. For the latest in business technology news, follow InfoWorld.com on Twitter.
