Facebook security updates – how to make your account more secure

Facebook has recently updated their security settings. In this how-to we highlight some of the updates and the security nuances to help you stay on top of your account security settings. Paul Laudanski blogged about the subject a while back, if you want to reference that security primer.

When you log in to your account, you may now be greeted by an offer to take a tour of the new features, so let's get started:

Facebook inline privacy control

Who are you with?

The first option is to tag who I happen to be with. This way you can share with friends on Facebook what you’re up to at the time, and which friends or colleagues you have with you.

Display who you're with

This is handy for making your profile more relevant, but it’s also a perfect profiling tool for scammers, identity thieves and targeted attacks like spearphishing. If a scammer, for example, sees you spending much more time with certain individuals on your friend list, that contact can be assigned an increased weight, signifying its importance. They say you’ll become like an average of your five closest friends within five years (test that in your own life); this means the algorithms can start to predict with increasing accuracy what that picture will look like. This creates a weighted profile of yourself, so scammers will know much more accurately how to target you. It’s true that you’re known by the company you keep – now it’s more true than ever.

I opted out of the feature, not just because I have no friends, or ones that want to be seen with me. I think my friends deserve not to be snooped on by scammers, and if scammers know they’re with me at the time, there’s a lot that can be inferred about their preferences from that information, not just what bad restaurant we’ve chosen. The scammers would, for example, know that they aren’t likely at home, and so physical property scams would be more likely at the friend’s house, all without their knowledge. That can’t be what friends are for.

What is your location?

Here you can opt to display where you are located when you update your status:

what's your location

Notice that “Add Location” was checked by default. It seems like a handy feature: you can keep up with your friends a little better this way, and they can keep up with you, find out where you are, what you’re doing and so on. Keep in mind that a scammer might want to know the same things. If you took a picture of the beach two minutes ago, and you live hundreds of miles from any beach, it’s safe to say you’re not home. This type of information opens the door to physical threats against your home, since you won’t be home for at least a couple of hours.

I clicked “Don’t Add Location”; I’ll just have to let my friends know where I am the old-fashioned way: call them.

Control privacy when you post

Here you can determine the audience for your status updates:

control privacy when you post

You have these choices:

Who can see your status

It’s nice that they mention Public vs. Everyone. Public has a way of letting you know that pretty much anyone can see content that’s Public, not just Everyone who’s your friend. To quote Facebook, “The setting still means that anyone on the internet can view this content, and any of your past Everyone posts are still visible to the same audience.” Facebook calls this the “inline audience selector.”

Sharing overview

I clicked on the link at the bottom of the dialog box that says “Learn more about what’s new” and it took me to a page with a nice overview:

How sharing works now

Account settings

Now let’s head over to account settings and look around. Here it tells you the last time you changed your password:

change your password

If it really is never, you can change that here.

Security settings

Now let's look at the Security Settings section. Here you can change various settings, so we'll examine some of them and see what they do:

facebook security settings

Let’s start by enabling Secure browsing, so your traffic will be encrypted while you’re logged in. This makes it more difficult for prying eyes to intercept your communication with Facebook and do nasty things. It’s simple and it’ll give you a nice little boost in security, so why not?

It’s not enabled by default, but you can enable it like this:

select secure browsing via SSL

When you do enable https, Facebook should automatically redirect you to the https:// version of the site, instead of the regular http://. The next time you log in, it should do the same.

Login notifications

Next, we enable Login Notifications. This will send you an email when someone logs in from a new device. Typically, you use just a few devices to access Facebook, so if a scammer logs in from somewhere on the other side of the world, now you will know. It's a good idea to play it safe, so we enable this as well.

enable login notification

Login approvals

Here you can choose to specifically allow or deny a login from a computer the system hasn’t seen before. If you only access Facebook from a single device (or a couple), this might make sense. If you work on the road from a variety of platforms, the extra steps might become a burden. Your level of paranoia is also a factor. If you think you need this feature, enable it. In this example, we leave it disabled.


App passwords

Third-party apps would appear to the main Facebook site as a third party attempting to access your information. If you had Login Approvals enabled, you’d get a notification each time the app tried to access information, which could be a big pain. If you use this feature, you generate login information for the app, and then it uses it to access your information.

App password

So if you turned on Login Approvals, you might like this too, unless you want a lot of notifications, or don’t use third-party apps.

Recognized devices

This is a list of the devices that are approved to be used to log in to your Facebook account, if you enabled the Login Notifications above. There should be a list of devices, which you will be prompted to provide names for. If a device that is not listed tries to log in, whoever is attempting the login will be questioned.


Active sessions

Here, you can see who’s currently logged in, and kick out anyone who shouldn’t be there. It will also try (with varying degrees of success) to tell you what type of OS and browser they use.



Facebook has seen meteoric growth in the past few years, and has been busily trying to keep pace with a matching security stance, which is no small task. Expect them to continue to roll out changes, and expect to need to keep on top of your security settings to stay protected. In the future we may do another blog as new changes are rolled out.

Author , ESET

  • Jason

    Try playing any games in FB with Secure browsing enabled. It just won't happen until you disable it.
    Also, any comments, likes, posts, etc., WILL show up in the sidebar for all your friends to see regardless of your privacy settings. So much for privacy..huh????

  • Elizabeth

    This is good information, neatly compiled. I intend to share it with my blog readers (with credit, of course). Thanks!

  • Bev

    Have they taken away the option to allow a friend to see everything on Facebook like normal, view wall posts and pictures, and even chat, but still prevent them from leaving a comment? I need this, as I have a relative I don't want to block, but want her to see my status updates and not guess which one she will pick to make a rude comment on.

  • Yuri Chie

    I hate Facebook.. many times I tried to fix my FB account but it doesn't work at all

  • Sonia

    I love Facebook! How can anyone complain when this is a free service, and from what I hear, always will be!! It provides me the access to all of my family members and friends who live too far away to visit, and I have even reunited with school mates I haven't talked to for 30 yrs. So if you don't like Facebook (or you just aren't appreciative), don't use it!!! Once again "I LOVE YOU FACEBOOK!!" Thank you for the free service. For those of you complaining, I don't think a few glitches is too much to tolerate, considering you pay nothing!! Quit complaining!!!

    • David Harley

      Sonia, no-one doubts the benefits of social networking, and many security people also use Facebook. But Facebook is not a charitable organization, it’s a business. What you’re losing sight of is that Facebook is free to _you_ because it’s selling your data, and sometimes the way in which it operates puts your online safety at risk. You may not be worried about your own data, but it’s entirely reasonable that other FB users should take reasonable precautions with theirs.

  • Joseph laus

    Hello, to whom it may concern,
    why have I been told that I cannot add friends for 30 days because I sent a lot of friend adds, when in fact I did not?
    Can there be a mistake, or has someone tampered with my account? Thanks. Hope I get an answer.

    • David Harley

      Joseph, I’m afraid you’ll have to contact Facebook for a definite answer on that one. You can, of course, check on your list of friends to see if there are lots of people you don’t know.

  • Rachel

    I updated my status last night and people are commenting on it and I can't see their comments. It sometimes doesn't even show up on my homepage. The only reason I know they are commenting is because I get messages to my phone.
    Those commenting cannot see their comments either.
    Please help!

  • Judy Fuchs

    Didn't understand what you wanted in Website block. I cannot find any security settings under my profile? Don't remember receiving any msg about taking a tour of the new options. I have privacy settings & profile settings – that is all that's listed.

  • Amra Zonic

    Please help me, somebody blocked my profile and I have not update in account. My account on the facebook is

    • David Harley

      Amra, you need to take this up directly with Facebook. This isn’t something we can fix for you. You should be able to find an appropriate link via the Facebook Help Centre: try https://www.facebook.com/report/.


Copyright © 2017 ESET, All Rights Reserved.