Facebook is launching more tools this week (1-26-11) to aid in keeping users’ Facebook accounts secure. One is the ability to log into Facebook securely. This means that when you go to facebook.com, you’ll begin your session with encryption, so when you type in your user name and password, anyone nearby trying to sniff your traffic or use the dreaded Firesheep application to take over your account will be unsuccessful.
The second is a ‘Social Authentication’ process. If Facebook detects that you are logging in from, say, Oklahoma in the morning, and that evening they notice a login from Australia, they have you re-authenticate yourself on the spot. Instead of asking a ‘security question’, they’ll produce a picture and have you identify someone in it. We’ll talk about these two security features in this week’s article.
Most of us are familiar by now with the notifications to look for when we’re banking: the little lock symbol in the lower right side of our browser, and a green bar on the site to denote a secure connection.
Now, Facebook will provide this same level of security.
Utilizing HTTPS is not automatic: you’ll need to go to your ‘Account Settings’ and then click on ‘Account Security’. Click on the checkbox and save your settings. From then on, you’ll be using Facebook totally encrypted. I’d also check the ‘send me an email’ box when a new computer logs into your account – that’s a smart thing to do too.
Besides selecting these options, you can also take a look at the most recent activity on your account. Just another level of information they’re giving you.
- Facebook warns that encrypted pages usually take longer to load, but probably not significantly.
- Many of the third-party apps on Facebook can’t handle the encryption, so they may not work, e.g. games.
My suggestion would be to leave it off unless you’re going to go to a public place. Just remember to turn it on before you leave your secured home connection!
This one is pretty cool. If Facebook notices logins from two widely separated locations (they don’t say how ‘wide’), they will initiate an authentication challenge to you. They’ll show you some pictures of your friends and you’ll identify them. In one of the screenshots I saw, it wasn’t one of your friends’ profile pictures, it was actually a picture you had posted on your site with you and this friend in it. Kind of cool, but kind of creepy too that they can pull that up so quickly.
It’s a great idea because a hacker may have brute forced your password, but they won’t know your friends’ names. Of course, if a spouse or former boyfriend/girlfriend has taken your password, they just might know who is in the picture!
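The location check that triggers the challenge can be sketched as an "impossible travel" test. This is an added example, not Facebook's code: the speed and distance thresholds, the field names and the sample logins are all assumptions, since Facebook doesn't say how far apart two logins must be.

```python
import math
from datetime import datetime

# Assumed threshold: faster than a commercial flight means two different people.
MAX_PLAUSIBLE_KMH = 900.0
# Assumed floor: ignore short hops, where coarse IP geolocation error dominates.
MIN_DISTANCE_KM = 500.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    r = 6371.0  # mean Earth radius in km
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def needs_challenge(prev, cur):
    """True when the trip between two logins is not physically plausible."""
    dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    if dist < MIN_DISTANCE_KM:
        return False
    hours = (cur["time"] - prev["time"]).total_seconds() / 3600.0
    if hours <= 0:
        return True  # far apart at the same instant
    return dist / hours > MAX_PLAUSIBLE_KMH

def review_logins(logins):
    """Return the logins that should trigger re-authentication."""
    ordered = sorted(logins, key=lambda e: e["time"])
    return [cur for prev, cur in zip(ordered, ordered[1:]) if needs_challenge(prev, cur)]

# Constructed sample data for one account; times are treated as UTC and the
# coordinates stand in for whatever a geolocation lookup of the login IP returns.
SAMPLE_LOGINS = [
    {"where": "Oklahoma City", "lat": 35.47, "lon": -97.52, "time": datetime(2011, 1, 26, 8, 0)},
    {"where": "Tulsa", "lat": 36.15, "lon": -95.99, "time": datetime(2011, 1, 26, 10, 30)},
    {"where": "Sydney", "lat": -33.87, "lon": 151.21, "time": datetime(2011, 1, 26, 19, 0)},
    {"where": "Sydney", "lat": -33.87, "lon": 151.21, "time": datetime(2011, 1, 27, 9, 0)},
]

if __name__ == "__main__":
    for event in review_logins(SAMPLE_LOGINS):
        print("challenge login from", event["where"], "at", event["time"])
```

Only the evening Sydney login is flagged: the Tulsa hop is under the distance floor, and the next-day Sydney login comes from the same place as the one before it.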