Fact-check: “BFF” security check in Facebook

April 20, 2018
Privacy Technology

Every so often, someone very clever realizes that they can use a legitimate feature to bring about unexpected results. For example, when Facebook introduced a feature known as Text Delight in 2017, some very clever users realized that certain phrases triggered text-color changes and animations, and they could tell their friends that the results meant something else: for example, “Type ‘congrats’ to see if you’re an instant winner!”

You didn’t win anything; the animation is automatic

Recently, with the topic of personal data security more popular than ever among Facebook users, a rumor buzzed around about how users could perform a very easy check on their Facebook security. The rumor was that typing the letters “BFF” into a post or comment would get you an automatic security check. If the letters turned green, rumor had it, that meant you were fine.

One of the many BFF-related posts on Facebook

It’s a hoax


Think about it — the idea is pretty ridiculous. But the Cambridge Analytica scandal had some users taking the drastic measure of deleting their accounts entirely; a three-letter security check must have seemed much more tempting. The truth is, until those rumors gained attention, causing Facebook to remove “BFF” as an activator, typing it into a post or comment would actually result in the letters turning green and trigger an animation of two hands high-fiving.

Even if you could run a security check by posting something on Facebook, why in the world would Facebook choose “BFF” as the command?

There are a couple of good reasons not to believe such hype.

First, as we’ve warned in the past, some nefarious Facebook data collection schemes rely on people’s willingness to post personal information — see any quiz that ultimately reveals your birthdate or pet’s name. Avoiding that sort of post should be a no-brainer. Second, BFF isn’t a secret word; it’s a common abbreviation for “best friends forever” that has nothing whatsoever to do with security.

Finally, we honestly can’t imagine the point. Type “BFF” and you may not have given up any information, but you’ve outed yourself to your actual BFFs as a total sucker.

Practice safe posting

In the wake of growing user discontent, and particularly following the Cambridge Analytica uproar, Facebook has boosted its privacy and security measures, but you will need to take a few minutes to review yours. Also, take advantage of Facebook’s offers to reveal what data of yours the game du jour scooped up, and any other help it suggests on that front.

For future security on Facebook and other social media, we offer the following tips.

  • Consider how the things you post could possibly be used against you. That means not posting about being out of town until you’re back at home, for example. Even friends don’t need to know everything.
  • Update the apps you use to access Facebook, whether that’s a mobile app or a browser. Outdated versions can contain vulnerabilities.
  • Deny third-party apps and services access to your social media accounts. The time you save is not worth the data they get.