Facebook intends to extend security features
According to Facebook's own statistics, only 0.06 per cent of all log-in attempts to the social networking service are compromised. This figure is part of a security infographic Facebook released on the occasion of "National Cybersecurity Awareness Month", a few days ago, to illustrate how seriously the company is taking the security of its users. However, a total of approximately one billion log-ins per day suggests that 600,000 of them will be "compromised" – an alarmingly high number.
Unsurprisingly, the figure soon made the rounds and has forced Facebook to provide further explanations: talking to Ars Technica, a company spokesperson confirmed that Facebook does indeed block about 600,000 log-ins per day. However, the representative noted that the word "compromised" in the infographic refers to log-ins where Facebook isn't absolutely confident that the account's true owner is trying to access the account. In such cases, the spokesperson said that Facebook will block access and request a form of authentication that doesn't involve a user name and password. There is no security issue with Facebook itself, he added.
Source: Facebook Apparently, most accounts are compromised from outside of Facebook, such as when account holders use the same log-in information for multiple services. If this account data is stolen from one of the services, or a user falls prey to a phishing attack, the stolen account information can often also be used easily to log into Facebook.
To prevent successful log-ins with stolen account data, "Login Approvals" have been available for some time: users can authenticate via a code that is sent as a text message to their mobile phone when they log in from an unrecognised computer
In the coming weeks, Facebook plans to introduce an additional security mechanism that is listed as "Guardian Angels" in the infographic. When their email accounts are blocked, users cannot reset their Facebook account passwords via the usual mechanism. In such an emergency, users will be able to nominate three "trusted friends" to whom Facebook will send codes. The Facebook account can only be accessed if all three codes are entered. Facebook also plans to improve user security via app-specific passwords ("App Passwords").