For most people, Facebook has meant keeping in touch with friends and family in a whole new way. But for security researchers like myself, it has meant seven years of new challenges for the security industry. The main problem with social networking and security is that social networks are social, and wherever the human mind is involved, there is a vulnerability that can be exploited. I'm talking about human vulnerabilities, the kind that are difficult to defend against.
Because of this, I think Facebook needs to improve the security and privacy features it has in place so that problems do not grow out of control. With the help of my colleagues, here are seven key recommendations that we think would make Facebook a safer place:
1. Implement full HTTPS browsing
That way, any user can be sure that no one is snooping on their conversations, even when they are browsing Facebook over an untrusted Internet connection. In addition, this renders attack tools such as Firesheep completely useless.
2. Implement two-factor authentication
Banks offer e-tokens so that their customers can securely access their bank accounts online, but in a world where social networking sites are increasingly important in what we do online, users should have the same technology to protect their Facebook accounts.
3. Make it clear that Facebook applications are trusted
Malicious Facebook applications are being analyzed and reported by researchers on a daily basis. Facebook needs to carry out a full security review and approve all applications to ensure that no malicious application makes its way into a user's profile.
4. Tighten the "recommended" Privacy Controls
At present, the privacy settings recommended by Facebook make it easy for an attacker to become a friend of a friend of a target, and thereby to access the data needed to reset the password of an email account, or to misuse personal information. Why does Facebook allow "everyone" to access status, photos, messages, appointments, bio, favorites and family relationships by default?
5. Allow permanent deletion of Facebook accounts
Permanently deleting a Facebook account should ... permanently delete the account. Respect the user's wish to completely erase their presence on Facebook, without having to worry that some material is left available on the Internet, and make permanent account deletion a simple process that does not require a special request to Facebook customer service.
6. Engage with parental controls
Allow parents to set up limited-access accounts for their children as sub-accounts under their own Facebook presence. The limited sub-accounts may automatically become full-access accounts once the children reach the age of consent.
7. Better educate users
I appreciate Facebook's commitment to educating users about security and privacy in social networks, including the initiative to create pages dedicated to these issues (Facebook Security, Facebook Privacy and Security). However, no matter what type of protection surrounds Facebook users, privacy features will be useless if users lack awareness.