Product Watch: Facebook Adds New Anti-Hacking Protections

Security feature blocks suspicious logins
Facebook yesterday added new security features to help protect user accounts from unauthorized access. But the login notification and blocking protections thus far have been overshadowed by a growing wave of discontent over Facebook's new "instant personalization" features that have led to unprecedented scrutiny by regulators and privacy advocates, as well as campaigns urging users to delete their accounts.

The social network has been under fire since it instituted its "social plug-ins" -- backlash that reportedly led to a closed-door, all-hands-on-deck meeting at the company yesterday to discuss its privacy policies.

Meantime, Facebook's new security features may not directly address the privacy controversy, but they do offer some controls for protecting user accounts from hacking. The login notification feature lets users approve devices they use to log into their Facebook account and receive notifications when their account is accessed from a non-approved device. It now appears under the Account Settings page, under "Account Security."

"For example, you can save your home computer, your school or work computer, and your mobile phone. Once you've done this, whenever someone logs in to your account from a device not on this list, we'll ask the person to name the device," blogged Facebook's Lev Popov, a software engineer on Facebook's site integrity team. "We'll also send you an immediate email notification - and if you want, a text message - so that you're always up to speed on how your account is being accessed. This notification will provide steps on how to reset your password and remove the device, so you can quickly secure your account if it's being accessed from a device you don't recognize."

The second new feature blocks suspicious logins before they get through. "When we see that someone is trying to access your account from an unusual device, we'll ask the person to answer an additional verification question to prove his or her identity as the real account owner. For example, we might ask the person to enter a birth date, identify a friend in a photo or answer a security question if you've previously provided one," Popov said in his blog post.
