Facebook announces two-factor authentication

Facebook on Tuesday announced a number of new initiatives focused on improving security for its users.

As part of a suite of upgrades, the social media site, which at last tally had more than 500 million users worldwide, is making available two-factor authentication, a feature that can help prevent unauthorized access to a user's account.

This follows a similar rollout by Google's Gmail service in February.

When a user has activated the two-factor authentication option on Facebook, the feature will ask them to enter a code – in addition to their username and password – anytime they try to log into Facebook from an unknown device, Fred Wolens, a Facebook spokesman, told SCMagazineUS.com.

For instance, when a person logs in from their laptop, they enter their password, which then triggers a code to be sent to that user's mobile device, he said. The code, valid only for that particular session, is used to activate the connection.

Facebook also announced it made changes to the way users access the site. Earlier this year, it introduced "HTTPS," which encrypts communication and offers more secure identification of a network web server. The new development announced on Tuesday automatically switches users back to an HTTPS session if they start using a non-HTTPS application on Facebook.

Company engineers have said that HTTPS may cause pages to load at a slower rate and that some third-party applications may not be compatible with the protocol.

"We're constantly trying to make the system safer," Wolens said. "One of our big objectives is the security of all of our users."

Despite the improvements, some security experts, such as Graham Cluley, senior technology consultant at Sophos, still are concerned about safety and privacy for Facebook users.

In an open letter, he and fellow researchers urged, among other things, that Facebook turn on HTTPS by default.

"Facebook should enforce a secure connection all the time, by default," the Sophos team wrote. "Why wait until regulators force your hand on privacy? Act now for the greater good of all."

But Wolens said forcing all users to abide by the same preferences limits the personal experience.

"It is all about exercising control and giving people choices to keep their accounts secure," he said.

