share
by Michael Shapiro | October 15, 2010

Security and privacy concerns have been widely discussed with respect to social media, and rightly so. Much of that tension grows from the potential confusion over just how private these platforms are. As Twitter's popularity continues to skyrocket (from 3 million to 160 million registrants in the past two years), public understanding of its very public nature has grown. Which is to say, there's really nothing private about it, and that's the point. In most cases, what you tweet is available for anyone to read. That's in part why Twitter has become the social media platform of choice during many events — for its immediacy, and for its ability to contribute to a potentially very far-reaching conversation.
 
Facebook, the popularity of which is also growing in our industry, is a different beast. I don't have hard statistics to back this up, but anecdotally speaking, people are more likely to have a lot of personal relationships (and communication) mixed in with their professional "friends" and "likes" on their Facebook profiles. But because we can exercise some degree of control over who reads our posts on Facebook, we're led to believe this is OK. What we want to keep private, we can -- theoretically. Obviously this is why there has been such an uproar over the confusing and consistently changing nature of Facebook's security settings.
 
Facebook has made efforts to address this over the past several months, and this week the company announced some new, innovative security features: one-time passwords, session control and security information prompts.
 
Most interesting is the one-time password, for use on public computers in hotels, cafés and the like. If you're concerned about security, you can use your mobile phone to text "otp" to Facebook at 32665. Facebook will text you back a one-time use password that expires in 20 minutes. This feature is being rolled out over the next few weeks, and it requires that you have a mobile phone number in your account profile.
 
The session control also is useful: You can now confirm whether you're logged in to Facebook on other computers as well, and you can end those other sessions remotely if you are. For example, if you forgot to log out at the office, or from a friend's machine, you can do so from the computer you're currently using. And if someone else has logged in as you, you can end that session and immediately change your password info. Facebook also added security information prompts so that users will keep their security info updated.
 
Now, these ideas may be better in theory than practice; for instance, not everyone will want to upload their mobile phone number to their Facebook profile. (You can keep it private if you do, but you must customize privacy settings to do so, which is in a different place than where you have to enter your phone info. It took me several minutes to figure out how to do this.) The session control, while a great idea, isn't all that easy to find. (You have to go into your account settings, then click "change" next to "Account Security" to see all active sessions.) I don't believe the average Facebook user is likely to ever go looking for these features, either. But the fact that these features do now exist is a benefit for those people who are concerned about security -- and it bodes well for Facebook's continued use as a business tool in our industry, just as long as we proceed with caution.