Facebook via phonePaul Sakuma/AP/Press Association Images

Facebook has started asking its 900 million users for their mobile phone number. It says it is part of a drive to improve security, because it builds in an extra level of protection for your password.

But why does it need your mobile number for this, and is there any risk that this in itself poses a security risk?

The plan

Users are being shown a link on their homepage entitled 'Security on Facebook' and listing three security tips. The first explains how to spot a scam, the second highlights great ways of choosing a good password, and the third asks for your mobile number. The link has not appeared on UK user profiles yet, but is in place in the US and will spread here soon.

The idea is that it gives Facebook an option if your account is hacked into. It can automatically delete your password to prevent the hackers using your account, and can then send users a text to confirm their password has been changed. It is apparently more effective than sending an email, which users may assume is just junk mail - or a scam.

At the moment Facebook blocks an estimated 500,000 accounts day. There are a number of ways back into account, such as identifying friends in photographs or answering security questions. On some accounts, Facebook will send security codes to your friends. You need to telephone them in order to get the codes, submit them to Facebook, and your account will be freed up again.

However, the process can be tortuous - and time-consuming for both the user and Facebook at the other end. The phone number would make things easier for the user and cheaper for the site.

But does this in itself pose a risk?

Facebook has always allowed users to post their contact details - including their phone number on their page. Last year security experts were warning people to remove these details as they posed a risk. Sophos security expert Graham Cluley said at the time: "You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies."

There is also the risk that it provides another option for criminals - who can use multiple approaches in order to convince you that they are genuine.

However, the experts are issuing no such warnings about this latest development. On balance, they say, the benefits outweigh any risks, and the way your mobile details are used and stored will not raise the risk of them being distributed to criminals.

They highlight that in order to get the mobile number they wouldn't be able to hack a single account - they would need to hack internal systems at Facebook where security data is stored - a much trickier prospect.

But what do you think? Would you be happy to hand over details? Let us know in the comments