Facebook announces two-factor authentication

Share this article:

Facebook on Tuesday announced a number of new initiatives focused on improving the security for its users.

As part of a suite of upgrades, the social media site, which at last tally had more than 500 million users worldwide, is making available two-factor authentication, a feature that can help prevent unauthorized access to a user's account.

This follows a similar rollout by Google's Gmail service in February.

When a user has the two-factor authentication option on Facebook activated, the new feature will ask users to enter a code – in addition to their username and password – anytime they try to log into Facebook from an unknown device, Fred Wolens, a Facebook spokesman told SCMagazineUS.com.

For instance, when a person logs in from their laptop, they enter their password, which then triggers a code to be sent to that user's mobile device, he said. The code, valid only for that particular session, is used to activate the connection.

Facebook also announced it made changes to the way users access the site. Earlier this year, it introduced  "HTTPS," which encrypts communication and offers more secure identification of a network web server. The new development announced on Tuesday automatically switches users back to an HTTPS session if they start using a non-HTTPS application on Facebook.

Company engineers have said that HTTPS may cause pages to load at a slower rate and that some third-party applications may not be compatible with the protocol.

"We're constantly trying to make the system safer, Wolens said. "One of our big objectives is the security of all of our users."

Despite the improvements, some security experts, such as Graham Cluley, senior technology consultant at Sophos, still are concerned about safety and privacy for Facebook users.

In an open letter, he and fellow researchers urged, among other things, that Facebook turn on HTTPS by default.

"Facebook should enforce a secure connection all the time, by default," the Sophos team wrote. "Why wait until regulators force your hand on privacy? Act now for the greater good of all."

But Wolens said forcing all users to abide by the same preferences limits the personal experience.

"It is all about exercising control and giving people choices to keep their accounts secure," he said.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.