As part of the Facebook account security feature, Facebook sends various notification e-mails. All these notification e-mail messages are in plain text. For notification e-mails like "Login Alert", it is not a big problem if the mail content is plain text as it does not contain anything important. However, in the case of password reset request e-mail, it is a problem since the reset code is sent in plain text. If your e-mail account is compromised, for example by a session hijacking method, the hacker has access to your e-mail account until the session expires so they can request Facebook password reset and easily take over your Facebook account.
Note: How your account got session hijacked is outside the scope of this blog but typically, it can happen when clicking on phishing e-mails or visiting infected websites etc.
Recently (Jun 2015), Facebook introduced an option for users to request all notification e-mails in encrypted form. If you are already using or familiar with PGP, you can now provide your public key to Facebook so it will use it to encrypt all e-mail communications to you. Go to your Facebook profile and navigate your way to the "Contact and Basic Info" section of the "About" page (or click here https://www.facebook.com/me/about?section=contact-info).
See the screen shot below where I entered my public key.
Once you enter your public key (make sure to check the box to enable encrypted notifications) and save changes, you will get an encrypted mail from Facebook. You then decrypt the mail using your PGP tool and confirm using the link Facebook sends you. After this, all e-mails from Facebook will be encrypted using your public key so only you can decrypt it. In addition, you need to add Facebook's public key to your PGP keyring so you can verify the signature of the encrypted e-mail to ensure it is from Facebook. The key is at link below.
See this whole process in action--- Few days ago, someone tried multiple times to reset my Facebook account. For every attempt, I get an encrypted e-mail from Facebook as shown in the screen shot below.
Below is the screen shot after I decrypted the content using my private key.
So even if my e-mail account was compromised (highly unlikely), the hacker can't read the code sent by Facebook to reset my password since he can't decrypt the mail without my private keys. For PGP encryption/decryption, I use Google's 'End-To-End' chrome plug-in (not available in chrome Web Store yet but you can download source code and compile it). However, there are other tools and browser plug-ins readily available which you can easily install in your browser (chrome or firefox) to use PGP.
If you are new to PGP, the read the link below for a quick introduction before getting started on using Facebook encrypted e-mails.