OSC Guardian - Safety Advice


Monday, May 16, 2011

New Security Enhancements at Facebook

Facebook announced several security enhancements last week including a new two-factor authentication system and a partnership with a service that can help users avoid clicking on risky or malicious links.
With the optional new Login Approvals service, users will be required to enter an additional code, sent to them via text message, when logging in from a new or unrecognized computer or device. Once the code is entered, users then have the option to save the device to their account so that it no longer requires additional authentication, according to a Facebook blog announcing the new measures.
Users will also see when attempts have been made to access their account from an unrecognized device, but no code was entered, according to the post. If users don’t recognize the login attempt, they’ll be able to change their password “with the knowledge that while someone else may have known [the] login credentials, he or she was unable to access your account.” Login Approvals can be enabled through the “Account Security” section of the account settings page, according to the post.
One aim of the new service was to balance security and usability, according to a separate Facebook blog post. Two-factor authentication sometimes requires users to download applications or to purchase physical tokens, it states. “These are good approaches, and we're considering incorporating them in the future, but they require a lot from the user before being able to turn on the feature. To have the biggest impact and provide this added security to the most people, we decided on SMS.”
Facebook also announced a partnership with Web of Trust (WOT), which ranks Web sites based on feedback provided by WOT community members. The tool, which contains rankings of millions of sites, can help reduce the risk of phishing, spam, scams, and other threats, according to the Facebook post announcing the security enhancements.
Facebook already has a system that automatically scans links to determine whether the Web sites associated with the links are “spammy” or contain malware, according to the post. In the coming months, the company will “increase [its] coverage even more by working with other industry leaders.”

No comments:

Post a Comment