Modernizing Authentication — What It Takes to Transform Secure Access
In an effort to shore up security on its site, Facebook has released a pair of authentication tools that aim to prevent unauthorized access to users' profiles.
The new security systems approach authentication by monitoring for suspicious logins and allowing users to register the devices they use to access their account.
One feature Facebook is rolling out seeks to preempt unauthorized access to a user's account. When someone tries to log in to an account from a device that Facebook doesn't recognize, the site will ask a verification question. It might ask for a birthday or for the name of a friend in a photograph before granting access to the account, according to Lev Popov, a software engineer with Facebook's site integrity team.
"These questions are designed to be easy for you, and hard for a bad guy, and we've already seen some great results," Popov said in a blog post describing the new features.
"You won't go through this flow often. We'll only ask you to prove your identity on the rare occasion that we notice something different," he added.
Facebook is also rolling out a feature that allows users to register devices they frequently use to log in to their accounts and give them names, such as "home," "work" or "mobile."
Then, when someone logs in from a computer or phone that Facebook doesn't recognize, it will ask the user to name the device. Facebook will provide users with e-mail notifications detailing the devices that have been used to access their accounts so they can monitor for unauthorized access. Users also have the option of receiving text message notifications.
"We're confident that these new tools and systems will do a lot to prevent unauthorized logins and the nuisance they can cause," Popov said.
Users can sign up for the login notification service on Facebook's account settings page.
The new features build on Facebook's existing security protections and identity-verification tools, many of which are designed to operate in the background and don't affect the normal user experience on the site.
"Most of these systems are invisible to the average person who uses Facebook," Popov said. "Very few people will ever experience a security issue on Facebook, which means that most of you have probably never noticed these systems at work. Rest assured that these systems are there, though, protecting you and your friends."
Last month, Facebook overhauled its Safety Center, an online hub stocked with information for parents, law enforcement, teachers and teenagers about staying safe on the site.
That redesign marked the first collaboration between Facebook and the Safety Advisory Board it convened in December 2009. The board consists of five prominent online safety organizations: Common Sense Media, ConnectSafely, WiredSafety, Childnet International and The Family Online Safety Institute.