Facebook Pushes Security Measures Up The Agenda

Facebook is rolling out two new features to add an extra layer of security for users.

The first is a new authentication scheme, dubbed “Social Authentication”, which is meant to keep attackers from hijacking accounts; the second gives users the ability to secure their entire Facebook session via HTTPS.

Do You Recognise This Person?

Both capabilities were reportedly used in response to a government crackdown on dissidents in Tunisia, where authorities were believed to be deleting Facebook accounts. The civil unrest culminated in Tunisia’s former president Zine El Abidine Ben Ali fleeing the country on January 14.

With Social Authentication, users would be required to identify photos of their Facebook “friends” before they can log in if their accounts are suspected to have been compromised.

“Traditional captchas have a number of limitations, including being (at times) incredibly hard to decipher and, since they are only meant to defend against attacks by computers, vulnerable to human hackers,” blogged Alex Rice, a security engineer with Facebook. “Instead of showing you a traditional Captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don’t know who your friends are.”

A spokesperson for the company said social authentication has been in the testing phase for months and will now be rolled out to users in the coming weeks. The feature is the latest of a number of changes Facebook has made in the past year to improve account security. For example, the social network added features like remote log-out and a one-time password for people using public machines.

“The vast majority of people who have used Facebook have never experienced a security problem,” Rice added. “However, if we detect suspicious activity on your account, like if you logged in from California in the morning and then from Australia a few hours later, we may ask you to verify your identity so we can be sure your account hasn’t been compromised.”

The ability to protect Facebook sessions with HTTPS, Rice blogged, is aimed primarily at users accessing the social network from public places such as schools, libraries and airports. Encrypted pages may take longer to load, thereby making Facebook run slower, he warned, and many third-party applications are not yet supported in HTTPS.

The option can now be enabled under the Account Security section of the Account Settings page. The HTTPS feature will offer users protection against the Firefox extension Firesheep, which was released in October. The tool, released at the ToorCon 12 conference in San Diego, can be used to hijack unencrypted sessions on Facebook, Twitter and other Web 2.0 sites.

“Facebook currently uses HTTPS whenever your password is sent to us, but today we’re expanding its usage in order to help keep your data even more secure,” Rice blogged.

“We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon,” he added. “We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
