Change your Facebook account settings for better privacy and security

Update 6/1/2011: Paul Laudanski has published an extensive guide to Facebook privacy, which is quite a remarkable feat since there is precious little privacy on Facebook :) Little privacy, but a whole lot of settings! Check it out at http://blog.eset.com/2011/05/25/facebook-privacy

Facebook comes up a lot in this blog. Recently I wrote about the Hidden Face of Facebook Security and mentioned a new security feature that will encrypt your session so that you don’t fall victim to attacks such as Firesheep.

Initially the new feature was not available to everyone. It took a while before it showed up in my profile options, but I think by now just about everyone can use the feature. You can enable a secured connection to Facebook each time you log in. This means that when you are using Facebook at your favorite public Wi-Fi hotspot, your Facebook account will be secure. Unfortunately this option is not enabled by default, as it should be, so you need to set it yourself, and I will show you how. When you log into Facebook, go to Account settings as shown below.

The next step is to click “change” to the right of “Account Security” as shown below.

Now enable the checkbox for “Secure Browsing (https)” and you are all set.

This is a simple thing you can do to make your online experience a little bit safer.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

Author ESET Research, ESET

  • Jan Doggen

    I suggest people also download the Facebook Privacy and Security Guide from socialmediasecurity.com and walk through to update all Facebook security settings. socialmediasecurity.com/…/Facebook_Privacy_and_Security_Guide.pdf

    • Randy Abrams

      They have some good advice. The PDF is in the upper right hand corner of the web page. Also see blog.eset.com/2009/09/08/armor-for-social-butterflies

  • James B. Wheat

    Thank you Randy. Everyone using facebook should follow your advice. Thanks for your blog.

  • snipe

    FYI, this is actually less handy than it seems. When you enable HTTPS-Only for FB and encounter an HTTP application (any app that hasn't specified an HTTPS canvas page url – which is most of them right now, since that option just came out last week), it will prompt you to switch to HTTP mode. What they don't tell you is that if you make the switch to HTTP mode to view the insecure application, it will actually reset this option in your preferences so that the next time you go to Facebook.Com, it will be HTTP, not HTTPS. I imagine this might be a bug that they'll fix at some point, but it's just something to be aware of. Facebook never prompts you to switch back to HTTPS-only once you're done with the HTTP app, so you have to go back and manually reset it to HTTPS.

    • Randy Abrams

      I’m checking with FB security about this. I do not use any FB apps at all, so it hasn’t been an issue. The one time I did see the message to switch I declined to.

  • Randy Knobloch

    Hi Randy,
    There is not a lot of point going forward if Facebook has a global monopoly on advertising via the plugin API. The account settings page is riddled with unblocked ads, unbeknownst to me until I read this. Thanks for writing. News at 11:00.

    • Randy Abrams

      The advertising is a separate issue. The point of https is to prevent session hijacking by someone using Firesheep or a packet sniffer.

  • Nikka Calamba

    This is good advice. I will definitely do this to have a safer Facebook experience.

  • snipe

    Yeah, you can easily reproduce this issue. I know they're aware of it, but I don't know if they consider it a bug or a feature.

    • Randy Abrams

      I have confirmation that Facebook is aware of the problem and making changes so that the system will remember your SSL preferences. Ultimately it is up to the developers of the apps to take privacy and security seriously and make their apps work with SSL.

  • Kevin Curtis

    Note on FB, if you decide to play a game, i.e. Tetris, etc. Your settings will be changed back to http:\ . You will need to manually change them back after playing, etc. Don't forget!

  • linda

    Thank you for the information. I was wondering, if you create your own app that integrates your website to facebook, how important is it to offer ssl from your hosting company? I couldn't view my own page because my security settings were set to secure browsing. I am wondering now if I should add ssl to my hosting company site.

  • Randy Abrams

    For Facebook it is very important as non-ssl apps degrade a user's security if they have elected to use SSL.

  • Judy

    Thank you. Your instructions were so clear and easy to follow.

  • Kim

    Amazingly enough, I haven't been able to access my Account Settings for the past few days.

  • Patty

    I'm convinced that the most important security measure you can take on Facebook is to severely limit the number of "Friends".
    Whatever risks there are from using Facebook are multiplied directly by the number of "Friends" a person has. Even if you set all your privacy settings, Facebook often changes them, and there are various ways that your private information can be accessed through your "Friends'" accounts.
    It's like a closed room full of people sneezing and coughing, most without even considering covering their mouths. You can "protect yourself", but it's much better if there aren't "500 Friends" sneezing on you.  :-)

  • Joy

    Thank you so much; had not done this but it is set now. Also, thanks for the steps to accomplish this.

  • Dave Rooten

    Thank you

  • Dave Rooten

    Thanks Randy. ESET Rocks and is the safest ever. I have never had a problem since having ESET, you guys are the best of the best.

    :)

  • Trena

    Thank you so much for this service to help so many individuals!

  • Luis

    Thank you Randy

  • Christy

    Thank you very much.  I did not know this. :)

  • Melissa

    Ok, this is pretty ironic. None of the images on this page are showing and I’m getting the following warning in Chrome:

    “You attempted to reach blog.eset.com, but the server presented a certificate issued by an entity that is not trusted by your computer’s operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site.”

    • David Harley

      Thank you, Melissa. I can’t reproduce the problem here but I’ll pass on the information to the web team.

  • jenny

    I changed my account on Facebook to https. I'd like to return to the http setting but I'm unable to. I've tried logging off and back on again like it says to, but it's not coming off.

    • Randy Abrams

      You have to go back to account settings, where you changed it to https, to change it back.

  • Crystal Sifford

    Ok, I saw this message in one of my friend's status. So I did it. Now it's saying it is unsecure. I changed it back, and still unsecure. I logged on my phone and got a warning about the certificate. I had to cancel 5 times, then it let me through, and it was secure. I use Google Chrome, so I was wondering if that was the issue. I logged on with Internet Explorer and it was secure. Any advice on how to fix it on Google Chrome?

    • Randy Abrams

      You will need to check with Google for support issues with Chrome.

  • Ida

    As of April 24th the option to enable https is now on the top of your news feed page. If you leave to play a game it switches back to http, but when you return to your home page, just below the news feed, it says to enable https again.

    • Randy Abrams

      I’ll have to do some testing. I had seen that behavior before, but it was not consistent across Firefox, IE and Chrome.

  • Ida

    This will keep my Facebook page secure, but how do I encrypt all my website searches from a Wi-Fi location? Thanks for all the great tips.

    • Randy Abrams

      To encrypt your web searches you need a VPN. Alternatively you can use Firefox with the HTTPS Everywhere plugin and search using Google. You can also type in and then search using the search page there.

  • L

    This explains this feature in an easy to understand manner ! Thanks!

  • John

    I made the Secure Browsing Connection switch. However, if you then do try using an application such as Farkle, you get a pop up that says you can't use the application while using a secure connection and to do so you have to allow to be switched back. WTF. It does say that the next time you log in will again be secure, but now I have to continue to check each time just to be certain.

  • Jill

    Clearly I missed a lot of this.   Now, however, because I once switched to secure only to find it severely got in the way of my fb browsing, gaming, and sometimes commenting on posts, I switched OFF the secure.  However, at seemingly random intervals FB goes to https and that really gets in my way.  I have to log off and log back on to return to my choice of http.

  • Dianne

    I used this setting and now most of the time it will take me to facebook but when I try to get onto one of my games it says I need to log in. How do I get rid of this security thing? Please help me as it's getting me very frustrated.

    • David Harley

      I’m not sure if I understand your problem correctly (are you talking about Facebook games?), but you should be able to disable secure browsing if you need to, using account settings> security > browse facebook on a secure connection (https) when possible. Just uncheck the box and save changes.

  • Ingrid Royc

    This evening someone posted on my wall a picture of a singer and said that it is me, with several other people's comments listed below wondering who she is. The picture is not of me. This is false. How was this person able to post on my wall when my security settings are set for friends only and this person is not a FB friend of mine?
    I ended up blocking this individual.
    I tried to contact Facebook about this or the developer; however, I could not find the place anywhere of where to make a complaint to submit. Any suggestions will be greatly appreciated.

    • David Harley

      You should be able to contact Facebook via the Facebook Help Centre at http://www.facebook.com/help though you may have to jump through some hoops first. There’s a page about reporting violations that you can reach via “Browse Help Topics”. If you’re tagged in a photo, you should be able to use the Remove Tag link, but my understanding is that only friends are supposed to be able to tag you.

  • Ingrid Royce

    I have ESET for three computers.
    This evening someone posted on my wall a picture of a singer and said that it is me, with several other people's comments listed below wondering who she is. The picture is not of me. This is false. How was this person able to post on my wall when my security settings are set for friends only and this person is not a FB friend of mine?
    I ended up blocking this individual.
    I tried to contact Facebook about this or the developer; however, I could not find the place anywhere of where to make a complaint to submit. Any suggestions will be greatly appreciated.

    • David Harley

      Answered as per your previous posted comment. Please note, though, that we are a small team of people who blog some of the time, not full time bloggers: we can’t monitor the blog constantly for comments and can’t, therefore, always respond immediately. And while we’ll try to help with queries if we can, whether or not you use ESET products, we aren’t actually resourced to do support for ESET products or for anyone else’s products and services, either through the blog or by email.

  • Jad

    Hello,
    I have a problem when posting on a wall: nobody can see my wall post, and a privacy button, which has to be near the share button, I don't have in my account either. Can someone help please!!!

    Thanks in advance

  • Francine Saitta

    I must have a very odd Facebook. I am unable to follow these directions because when I try, I see something very different than you present. When I go to "Account Settings", I do not have an option to "Change Settings". It just shows "edit". When I hit edit, it says: You have temporarily turned off secure browsing in order to access an unsupported application. To enable secure browsing again, please logout and login again. This is frustrating because it initially shows that my secure browsing is disabled. There seems to be no way to enable this. HELP

    • David Harley

      Francine, I’m not a Facebook expert, but it sounds as if your Facebook looks much the same as mine: presumably you went Account Settings>Security Settings>Edit to change your settings. However, I don’t have a problem enabling/disabling secure browsing from that screen. It sounds as if it’s disabled in your case because an application requires it to be (whether it’s a malicious app or not, I wouldn’t be able to say). I guess you need to go to Account Settings>Application Settings and see if there’s anything there that shouldn’t be. Either way, it sounds as if there is something you have to remove to enable secure browsing, or else live without it.

  • andigambottibrennan

    When I went in to Secure Browsing I tried to click save, but it will not work; it looks disabled. Can you help me, please? Sincerely, Andi Brennan

  • Ankur

    I am showing online on my other FB friends' account while I am online.
    I use FB from my laptop
    and sometimes from eBuddy on mobile,
    but now I had logged out of both.
    How is that possible?

    • David Harley

      @ankur, I’m afraid we really can’t do one-to-one product support on the blog, especially when it’s not our product: it sounds to me as if you need to either contact Facebook or check one or more general support forums.

  • sushmita jadhav

    Please can u tell me how can I close my Facebook account or how can I change my Facebook password? Please suggest me any idea. As soon as possible u tell me. Thank u very much.

    • David Harley

      Sushmita, you can get that sort of information from the Facebook Help Centre: in the Manage Your Account centre.

  • John Galt

    If anyone facebooks you have got to follow these words of wisdom. thanks for sharing

  • sowjanya

    As i was very much afraid of my PC. you helped me a lot in saving my accounts and even about anti-spyware.

  • fiesty

    Yeah, for some reason there is a primary email address on my Facebook account. I need to get rid of it, but then I forgot my password, but every time I try to change my password that certain email account keeps coming up and it's not mine! How do I change this?

  • Colin Hall

    Hi, Good points raised here. I have recently had a client who had his FB attacked by an old 'friend' who then set about making rude comments on all of his other friends, in an attempt to ruin his reputation. It took him a few days to realise that something was amiss, but far longer to remember that his Twitter and Linkedin accounts were also protected with the same password … too late !
    My advice would be to give all of your accounts totally unrelated passwords, no matter how awkward it makes things for you.
    Cheers
    Colin

  • syeda asiya

      can login to my account but the login page is not displaying any images (All are in text)  [edited]

    • David Harley

      Sorry, but we’re not in a position to do 1-1 support for Facebook: you need to contact them via their help pages.

  • manoj k

    Thank u for information..!!!!

  • Dharma Durai

    One day I would create an account in Facebook. That Email ID not creating well. So I want to create again to that same Email ID, but it is not possible. When I would sign up then it will say Email ID is already used. Then I will sign in then it will say invalid User ID.

  • sai

    I can't log in to my account; Facebook was saying that my account is temporarily locked. How can I log in to my account? Please tell me…

    • Stephen Cobb

      We cannot provide Facebook support on these pages, but you might find the answer here: My account’s locked. How do I complete the account recovery process and reset my login info? https://www.facebook.com/help/228372557180280/

  • dharleyatESET

    I think you really need to contact Facebook to solve that problem, Colleen. Sorry! Try the help page in the first instance: https://www.facebook.com/help/?ref=pf

  • Chaitanya Amzala

    My name is Chaitanya. I updated my birthday date 2 days back, but I updated it with the wrong month, that is May instead of June, but I am unable to change it now. Can you please give me some solution? I need it urgently because my birthday is on the 23rd of this month.

  • dharleyatESET

    Ayushi, you need to contact Facebook’s own customer support. Try this in the first instance: https://www.facebook.com/help/?ref=pf

  • dharleyatESET

    Nina, you need to contact Facebook’s own customer support. Try this in the first instance: https://www.facebook.com/help/… It’s unlikely that your problem is due to a virus, but ESET has a FB app that you could try: http://www.eset.com/social-media-scanner/

  • tishaz01

    Hello. Well, I cannot sign in on FB using my computer. When I do, it does not respond: a white page appears and stays like that all the time. But when my friend signs in on FB on my computer itself, her account works but mine does not.

Copyright © 2014 ESET, All Rights Reserved.