April 20, 2011

Facebook announces two-factor authentication

Facebook on Tuesday announced a number of new initiatives focused on improving the security for its users.

As part of a suite of upgrades, the social media site, which at last tally had more than 500 million users worldwide, is making available two-factor authentication, a feature that can help prevent unauthorized access to a user's account.

This follows a similar rollout by Google's Gmail service in February.

When a user has the two-factor authentication option on Facebook activated, the new feature will ask users to enter a code – in addition to their username and password – anytime they try to log into Facebook from an unknown device, Fred Wolens, a Facebook spokesman told SCMagazineUS.com.

For instance, when a person logs in from their laptop, they enter their password, which then triggers a code to be sent to that user's mobile device, he said. The code, valid only for that particular session, is used to activate the connection.

Facebook also announced it made changes to the way users access the site. Earlier this year, it introduced  "HTTPS," which encrypts communication and offers more secure identification of a network web server. The new development announced on Tuesday automatically switches users back to an HTTPS session if they start using a non-HTTPS application on Facebook.

Company engineers have said that HTTPS may cause pages to load at a slower rate and that some third-party applications may not be compatible with the protocol.

"We're constantly trying to make the system safer, Wolens said. "One of our big objectives is the security of all of our users."

Despite the improvements, some security experts, such as Graham Cluley, senior technology consultant at Sophos, still are concerned about safety and privacy for Facebook users.

In an open letter, he and fellow researchers urged, among other things, that Facebook turn on HTTPS by default.

"Facebook should enforce a secure connection all the time, by default," the Sophos team wrote. "Why wait until regulators force your hand on privacy? Act now for the greater good of all."

But Wolens said forcing all users to abide by the same preferences limits the personal experience.

"It is all about exercising control and giving people choices to keep their accounts secure," he said.


Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

Scammers exploit interest in NBA finals to spread Facebook spam

Spammers also used pages on Tumblr to carry out a social networking scam.

Microsoft's new bug bounty program offers up to $11k in incentives

The tech giant now joins other major companies offering rewards to successful bug hunters.

Hacker defaces Facebook fan page of children's theme park

After contacting Facebook and claiming he was allowed access to manage the page, a miscreant blocked previous administrators and littered the page with sexual and racist references.