Facebook Strengthens Security With 2 New Tools
Facebook paid independent researchers $40,000 in August for finding and reporting security bugs.
Facebook announced two new features to make the network a safer and more secure environment for its more than 750 million users.
One of the new tools, Trusted Friends, allows someone who gets locked out of his account to select a group of trusted friends to help him verify his identity. Facebook, the company wrote in a blog yesterday (Oct. 27), will send codes to a user's three to five preselected friends, who then pass the log-in code to the user so he can access his account.
"It's sort of similar to giving a house key to your friends when you go on vacation pick the friends you most trust in case you need their help," Facebook wrote. (It's not clear if all the trusted friends, or just one, must give the user the code. Facebook did not respond to a call for clarification.)
The other new feature is App Passwords, which adds a separate layer of password security by generating a one-time password for logging in to third-party apps. This measure is built to improve upon Facebook's two-factor login authentication system, which sends a text message to the user that must be entered along with the password to login.
In recent months, Facebook has taken several steps to make itself a more secure site ; along with two-factor authentication, which it introduced in April, Facebook has also enabled encrypted HTTPS connections, mobile password reset, inline profile controls and profile tag review.
"Our considerable work has undoubtedly made Facebook a safer environment ? less than half a percent of users experience spam on any given day, and only a fraction of a percent of our users ever experience any security-related issues. But we know there is plenty of more work to be done, and we will keep striving to make sure that every time you log in to Facebook, you have a safe and social experience," Facebook wrote.
Graham Cluley, senior technology consultant for the anti-virus maker Sophos, says these new security measures, especially Trusted Friends, don't do enough, considering the amount of scammers lurking on Facebook .
"Trusted Friends seems like a cute idea, but think about it," Cluley told SecurityNewsDaily. "If a hacker has breached your Facebook and email accounts, forcing you to call upon your trusted friends, might they not change your list of trusted friends also? And who's to say that your friends can be trusted? After all, maybe they're sloppy at computer security too."
Security measures he believes Facebook should employ are privacy by default ("opt-in to sharing, not opt-out"), vetted app developers and "HTTPS for everything," which he told SecurityNewsDaily would "stop your personal information from being sniffed over Wi-Fi."
In a blog post, Cluley cited the infographic included in Facebook's announcement, which stated that only 0.06 percent of the more than 1 billion logins per day are compromised. It reads like a miniscule fraction, but it translates to more than 600,000 compromised logins every day.
There is no catch-all security measure people can utilize on Facebook, but "there are all manner of steps you can take to reduce the risks of a problem," Cluley said, including never uploading anything to Facebook you don't want to be shared, reviewing your privacy settings, exercising "caution over who you friend and which applications you install," and running anti-virus software.