iMore than one billion people currently use Facebook to keep in touch with friends and family and also do business. Privacy concerns and the security of user accounts have been in the news regularly during the past few years.
Many social media sites, including Facebook, have layers of safety measures and security protocols in place to help keep your information secure–but one of them has a serious flaw that should be corrected.
Attempting to log in to a Facebook account from a location that has not been logged for that user before will trigger Facebook to have you prove your identity to make sure your account is not compromised (thanks, Facebook!).
My company provides content and social media support to several law firms. I ran into this problem recently when I tried to log into a client’s account to make changes. Facebook gave me two options to choose from:
-
Provide the first 6 digits of the credit card on file or
-
Identify people in your friends list by name
I emailed the client and asked for the firm’s credit card information, but after an hour of waiting and wanting to get the task off my plate I decided to try my hand at the second option.
When the process of identifying people on their list began I quickly realized that, if their friends list is public information, this should be pretty easy. I logged into my personal Facebook account, went to their profile and viewed their friends list.
Many of the images were from tagged photos and not just their profile photo, but thankfully Facebook made it easy by giving me a multiple choice list of names to choose from.
By searching for each name in their friends list and matching up their profile photo to the photos that Facebook presented me, I was able to log into their account within five minutes of starting the security check.
Facebook needs to rethink its security protocols to help keep people’s information safer. As a precaution in the meantime, it would be worth it for everyone to check their privacy settings to make sure as little of their information as possible is set to public.
