In association with heise online

15 May 2010, 12:06

Facebook introduces security measures

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Facebook will send a notification if someone tries to log in from a device that hasn't been registered; however, the feature must first be activated manually in My Account/Settings. This describes the social networking platform's new security measures in a nutshell.

In Account Security, users can choose to "receive notifications for logins from new devices". When a user subsequently tries to log in, Facebook will ask for a computer name and will automatically send an email notification to the user. If the user ticks "Don't ask me again for this computer", Facebook will remember the device. The announced option to receive SMS text notifications was not available in our first tests; it may not be available yet in Germany or the UK.

The email notification about the suspicious incident only contains the computer name entered. No information which could be used to trace the person who tried to log in, such as the IP address from which the login attempt originated, is included. Strictly speaking, it isn't even the device which is registered, but the browser where the relevant cookie is stored. Those who alternate between Firefox and Chrome have to register both browsers. Facebook's iPhone app seems to bypass device registration completely at the moment.

Facebook also plans to request further information to verify a user's identity in case of a "suspicious login" – users may, for instance, be asked to enter their date of birth or identify a friend in a photo. All of these measures seem rather error prone; just imagine the situation of people who have carelessly accumulated a few thousand "friends". This could be the reason why the feature hasn't gone live yet. In any case, repeated logins via various public proxies didn't trigger such requests.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit