Facebook security measures do not go far enough, say security experts



Warwick Ashford

Security experts have warned that Facebook's latest security innovations against spam e-mail and online fraud may have mixed results in effectiveness and user experience.

The features implemented by Facebook include a known-bad-site blocklist, protection against clickjacking and limited support for two-factor authentication.

Facebook, in partnership with Finnish firm Web of Trust, wants to warn users of the social networking site of any risk associated with links they click on.

Analysts say the initiative is a good first step, but offering the Web of Trust rating service to Facebook's 500m users could make it a target for scammers looking to exploit the system.

Internet security and control firm Sophos says Facebook's visible involvement in boosting the security of its users is a positive development, but there is still some way to go.

"When Facebook takes positive steps towards better security we're happy to say so, as we're doing now. But there's much more they could be doing, so we all need to maintain pressure on Facebook to keep on improving," says Paul Ducklin, head of technology, Asia Pacific at Sophos.

Sophos suggests Facebook should implement additional security measures such as a pop-up confirmation dialogue every time users "Like" something, rather than only when a page already known to be suspicious is involved.

Ducklin says an option for two-factor authentication for every login - not just for those from a new device - would also be a good idea.
