Facebook security measures do not go far enough, say security experts

The features implemented by Facebook include a known-bad-site blocklist, protection against clickjacking and limited support for two-factor authentication.

Facebook, in partnership with Finnish firm Web of Trust, wants to warn users of the social networking site about any risk associated with links they click on.

Analysts say the initiative is a good first step, but offering the Web of Trust rating service to Facebook's 500 million users could make it a target for scammers looking to exploit the system.

Internet security and control firm Sophos says Facebook's visible involvement in boosting the security of its users is a positive development, but there is still some way to go.

"When Facebook takes positive steps towards better security we're happy to say so, as we're doing now. But there's much more they could be doing, so we all need to maintain pressure on Facebook to keep on improving," says Paul Ducklin, head of technology, Asia Pacific at Sophos.

Sophos suggests Facebook should implement additional security measures such as a pop-up confirmation dialogue every time users "Like" something, rather than only when a page already known to be suspicious is involved.

Ducklin says an option for two-factor authentication for every login – not just for those from a new device – would also be a good idea.

This story was first published by Computer Weekly
