Facebook Battles Spams and Scammers with New Security Features
Modernizing Authentication — What It Takes to Transform Secure Access
Facebook rolled out three new security measures to try to prove that it cares about user privacy.
The social networking site now features two-factor authentication to secure the login process, a secondary step to thwart clickjacking scams and a new surfing tool to rate the safety of links, Clement Genzmer, a Facebook security engineer, wrote on the Facebook Security blog that appeared May 12. Clickjacking refers to tricking users into clicking on links that post on the Wall to get more people to click and is one of the most common sources of spam on Facebook.
"Facebook is committed to bringing you a safe experience on the Internet," Genzmer wrote.
The latest announcement is a "welcome" sign, since the features prevent, or actively discourage, users from doing certain things while on Facebook, Paul Ducklin, head of security at Sophos, wrote on the Naked Security blog.
"In the past, Facebook has seemed curiously reluctant to do anything which might impede traffic. Let's hope that everyone at Facebook has accepted that reduced traffic from safer users will almost certainly give the company higher value in the long term," Ducklin wrote.
Login Approvals, the two-factor authentication feature, is an optional feature for all Facebook users, Andrew Song, an engineering intern, wrote on the Facebook Engineering blog. The company hinted at this feature back in April. Users who turn on Login Approvals will receive a numeric code via text message on their cell phones whenever they try to log in to the site from a new or unrecognized device, according to Facebook's Genzmer. The user would have to enter that code before gaining access to the account. The challenge will request the code sent to the phone for every login attempt made from a device the user hasn't designated as "safe."
"While someone may have known your login credentials, he or she was unable to access your account or cause any harm," said Genzmer.
If the user loses the mobile device, the user will have to log in from a saved device to reset the phone number and prevent account lockout, according to Song.
For more, read the eWEEK article: Facebook Adds Security Features to Stop Spam and Scams.