Facebook announces two-factor authentication

Facebook on Tuesday announced a number of new initiatives focused on improving security for its users.

As part of a suite of upgrades, the social media site, which at last tally had more than 500 million users worldwide, is making available two-factor authentication, a feature that can help prevent unauthorized access to a user's account.

This follows a similar rollout by Google's Gmail service in February.

When the two-factor authentication option is activated on a Facebook account, the new feature will ask the user to enter a code – in addition to their username and password – anytime they try to log in to Facebook from an unknown device, Fred Wolens, a Facebook spokesman, told SCMagazineUS.com.

For instance, when a person logs in from their laptop, they enter their password, which then triggers a code to be sent to that user's mobile device, he said. The code, valid only for that particular session, is used to activate the connection.

Facebook also announced it made changes to the way users access the site. Earlier this year, it introduced "HTTPS," which encrypts communication and offers more secure identification of a network web server. The new development announced on Tuesday automatically switches users back to an HTTPS session if they start using a non-HTTPS application on Facebook.

Company engineers have said that HTTPS may cause pages to load at a slower rate and that some third-party applications may not be compatible with the protocol.

"We're constantly trying to make the system safer," Wolens said. "One of our big objectives is the security of all of our users."

Despite the improvements, some security experts, such as Graham Cluley, senior technology consultant at Sophos, still are concerned about safety and privacy for Facebook users.

In an open letter, he and fellow researchers urged, among other things, that Facebook turn on HTTPS by default.

"Facebook should enforce a secure connection all the time, by default," the Sophos team wrote. "Why wait until regulators force your hand on privacy? Act now for the greater good of all."

But Wolens said forcing all users to abide by the same preferences limits the personal experience.

"It is all about exercising control and giving people choices to keep their accounts secure," he said.

