Facebook announces two-factor authentication

Facebook on Tuesday announced a number of new initiatives focused on improving security for its users.

As part of a suite of upgrades, the social media site, which at last tally had more than 500 million users worldwide, is making available two-factor authentication, a feature that can help prevent unauthorized access to a user's account.

This follows a similar rollout by Google's Gmail service in February.

When a user has activated the two-factor authentication option on Facebook, the feature will ask them to enter a code – in addition to their username and password – anytime they try to log into Facebook from an unknown device, Fred Wolens, a Facebook spokesman, told SCMagazineUS.com.

For instance, when a person logs in from their laptop, they enter their password, which then triggers a code to be sent to that user's mobile device, he said. The code, valid only for that particular session, is used to activate the connection.

Facebook also announced it made changes to the way users access the site. Earlier this year, it introduced "HTTPS," which encrypts communication and offers more secure identification of a network web server. The new development announced on Tuesday automatically switches users back to an HTTPS session if they start using a non-HTTPS application on Facebook.

Company engineers have said that HTTPS may cause pages to load at a slower rate and that some third-party applications may not be compatible with the protocol.

"We're constantly trying to make the system safer," Wolens said. "One of our big objectives is the security of all of our users."

Despite the improvements, some security experts, such as Graham Cluley, senior technology consultant at Sophos, still are concerned about safety and privacy for Facebook users.

In an open letter, he and fellow researchers urged, among other things, that Facebook turn on HTTPS by default.

"Facebook should enforce a secure connection all the time, by default," the Sophos team wrote. "Why wait until regulators force your hand on privacy? Act now for the greater good of all."

But Wolens said forcing all users to abide by the same preferences limits the personal experience.

"It is all about exercising control and giving people choices to keep their accounts secure," he said.

