Facebook improves security with https and social authentication

Facebook announced on Wednesday that they will be improving security throughout the website, a response to the hacking of Mark Zuckerberg's account earlier today.

According to the Facebook Blog, the improved security measures will increase protection around the site, to ensure users' information and accounts are secure, and decrease the number of ways hackers may be able to access your account.

Starting today, Facebook has enabled HTTPS around the website for users who feel like they need to secure their account. The totally optional feature can be enabled or disabled at any time in their account, and will ensure any information being sent throughout the website remains private. HTTPS currently doesn't work on third-party applications, but this issue will be addressed in the coming weeks. Before enabling HTTPS on Facebook, note that encrypted pages may take longer to load.


The new feature will co-exist with Facebook's "advanced security" (found under Account Settings > Advanced Security). From here, you can see where and when you last signed into Facebook, and remotely log out from that location or mobile application. The most recent activity tracks your location, the browser's user agent and what date and time you signed in.

Facebook also announced, as part of their increased security measures, social authentication. If Facebook detects suspicious activity on your account, such as someone logging into your account from halfway around the world just hours after you, Facebook will prompt the user to identify pictures of a friend before accessing the account.

A captcha-like application will prompt the user before logging in, asking them to identify five of your friends.
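The suspicious-login trigger described above can be sketched as an impossible-travel check over sign-in records. This is an added example, not Facebook's code: the `Login` record, the 900 km/h speed limit, the 50 km geo-IP tolerance and the sample sign-ins are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner cruising speed
GEOIP_TOLERANCE_KM = 50.0  # assumption: geo-IP is no more precise than a metro area


@dataclass(frozen=True)
class Login:
    when: datetime
    lat: float
    lon: float
    user_agent: str  # kept for the reviewer; not used in the speed check


def haversine_km(a, b):
    """Great-circle distance between two sign-in locations, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def needs_challenge(previous, current, max_kmh=MAX_PLAUSIBLE_KMH):
    """True when getting from `previous` to `current` implies implausible speed."""
    distance = haversine_km(previous, current)
    if distance < GEOIP_TOLERANCE_KM:
        return False
    hours = (current.when - previous.when).total_seconds() / 3600
    if hours <= 0:
        return True  # far-apart sign-ins at the same instant
    return distance / hours > max_kmh


def review(history):
    """Return the sign-ins that should get an extra identity challenge."""
    ordered = sorted(history, key=lambda login: login.when)
    return [cur for prev, cur in zip(ordered, ordered[1:]) if needs_challenge(prev, cur)]


# Constructed sample sign-ins (not real data).
SAMPLE = [
    Login(datetime(2011, 1, 26, 8, 0), 51.5074, -0.1278, "Firefox/3.6"),   # London
    Login(datetime(2011, 1, 26, 9, 30), 51.7520, -1.2577, "Firefox/3.6"),  # Oxford, 1.5 h later
    Login(datetime(2011, 1, 26, 12, 0), -33.8688, 151.2093, "Opera/11"),   # Sydney, 2.5 h later
    Login(datetime(2011, 1, 28, 12, 0), 51.5074, -0.1278, "Firefox/3.6"),  # London, 48 h later
]

if __name__ == "__main__":
    for login in review(SAMPLE):
        print("challenge:", login.when.isoformat(), login.user_agent)
```

Only the Sydney sign-in is flagged; the return to London two days later is within ordinary flight time and passes.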


Now, this feature won't be too hard to bypass, if you have your privacy settings opened to everyone. A hacker could just browse your open Facebook page and identify the friends in the picture. This is why you should limit access to your Facebook page to prevent strangers from being able to lurk your page.

35 Comments


I highly doubt this has ANYTHING to do with Zuckerberg's account getting hacked. His account was hacked yesterday, and they magically implemented all these features overnight????

What source did you use to find out that this is a direct response to the hacking? Or you just made it up?

no-sweat said,
I highly doubt this has ANYTHING to do with Zuckerberg's account getting hacked. His account was hacked yesterday, and they magically implemented all these features overnight????

What source did you use to find out that this is a direct response to the hacking? Or you just made it up?


Indeed. There's absolutely no way they can both think of this idea, develop it, test it, and release it within a day. Not on this scale. In that case Facebook are unnatural development gods.

Nah, likely months in baking, just like many other Facebook features have been, and a good day to release it now that they got some problems. Maybe, just maybe, they had to rush out the feature a bit, but this is absolutely not a reaction to the Zuckerberg hack. That's just ridiculous and shouts of lacking insight of how software development works.

Particularly the https support probably stems from the Firesheep release back in last year.

no-sweat said,
I highly doubt this has ANYTHING to do with Zuckerberg's account getting hacked. His account was hacked yesterday, and they magically implemented all these features overnight????

What source did you use to find out that this is a direct response to the hacking? Or you just made it up?


Considering that they already had the SSL certificates in place (I've been accessing it via HTTPS for months now), it's not at all infeasible that they could, in one day, add an option that just activates changes in the way links are parsed (especially since they're only adding one character).

That photos thing has been round since at least November. I went to visit my gf doing a year abroad and when I tried to log in on her computer it asked me to identify some friends.

necrosis said,
Is their XMPP chat finally SSL'ed?

Also. I can not find this option to turn it on anywhere.

Nope. Still no SSL on their XMPP chat.

The whole problem with "Facebook" is that they require too much personal information to even set up an account, none of that information is any of their dang business.

In my opinion, you're a fool to have a Facebook account. Any social website that requires that amount of personal info like that to make an account, is a red flag in my opinion. You're setting yourself up for that information to be taken, or given away like Facebook likes to do.

jd100 said,
The whole problem with "Facebook" is that they require too much personal information to even set up an account, none of that information is any of their dang business.

In my opinion, you're a fool to have a Facebook account. Any social website that requires that amount of personal info like that to make an account, is a red flag in my opinion. You're setting yourself up for that information to be taken, or given away like Facebook likes to do.

Shut up, Grandma

jd100 said,
The whole problem with "Facebook" is that they require too much personal information to even set up an account, none of that information is any of their dang business.

In my opinion, you're a fool to have a Facebook account. Any social website that requires that amount of personal info like that to make an account, is a red flag in my opinion. You're setting yourself up for that information to be taken, or given away like Facebook likes to do.

+1

However, this is the norm these days for doing anything. Even offline agreements and contracts. Everyone wants to know more than they need to know about everything.

jd100 said,
The whole problem with "Facebook" is that they require too much personal information to even set up an account, none of that information is any of their dang business.

Name. email address and a password. If you think that's too much personal information, you best get your tin foil hat out 'just in case'

akav0id said,

Name. email address and a password. If you think that's too much personal information, you best get your tin foil hat out 'just in case'

LOL!!! Well said.

Tpiom said,
I can't see this feature either.
Maybe it's only for folks in the US...?

I'm not seeing it yet either and I'm from the US.

If you look at the SSL cert, its beginning valid from date is: 11/14/2010. That's the day they purchased the SSL certificate, or renewed it. Either way, it's likely they didn't throw this all together last night after Zuckerberg's account got breached.

Supra Boy said,
If you look at the SSL cert, its beginning valid from date is: 11/14/2010. That's the day they purchased the SSL certificate, or renewed it. Either way, it's likely they didn't throw this all together last night after Zuckerberg's account got breached.

They're even changing the length of a year to 14 months

"A captcha-like application will prompt the user before logging in, asking them to identify five of your friends."

That is going to screw all those friend whores, who haven't got a clue who 90% of the people on their friends list are.
