Facebook rolls out tighter security

Facebook is launching new security features to combat malicious attacks, scams and spam.

Facebook is launching new security features to combat malicious attacks, scams and spam.

The giant social network site is a magnet for internet criminals looking to steal users' passwords and other personal information.

The new security features come as Facebook faces growing criticism over the way it handles users' privacy as it pushes them to share more about themselves with one another and the outside world.

Users can now ask to be notified by email or text message when their account is accessed from a computer or mobile device they have not used before. The log-in attempt may be legitimate when travelling, but Facebook says if you have not left home in a week, you probably ought to change your password.

READ MORE

Facebook is also adding roadblocks when it notices unusual activity, such as simultaneous log-ins from opposite sides of the world. For example, users might be shown a photo with their friends tagged and be asked to correctly identify who they are before the second log-in goes through.

Users will also be able to check where the latest log-ins have come from. This is similar to a feature Google offers on its Gmail service, where users can view the date, time and location of the most recent log-ins to their account. Gmail also states whether the account is open on another computer at the same time.

Some of these changes are already available, while others are still being tested and will be launched over the next few weeks.

Facebook typically rolls out changes over several days, if not weeks, so not all users will see them at the same time.

Facebook already has automated systems in place that detect when users access the site in a way that "doesn't make sense", says product manager Jake Brill.

This can include sending out an avalanche of messages or logging in from different countries at the same time.

But the secondary account verification system that Facebook is rolling out makes sure that when people log in from elsewhere, they are authorised to do so.

Many websites try to do this by asking people to type words displayed in an image to prove they are human, rather than a computer seeking automated access. But this only helped to keep those software robots out, not people, Mr Brill said.

The requirement to enter information that only users would know - such as the identity of their friends - can help stop unauthorised access should their passwords somehow become compromised.

To be notified when someone accesses an account from a new computer or device, users have to turn that feature on by going to "account settings," scrolling down to "account security", then clicking "change".

Facebook is asking users to activate, or "opt-in" to, the security setting, even as it takes an "opt-out" approach with some of its marketing and personalisation features. With opt-out, participation is automatic unless the user takes action.

The site's users are a good target for cybercriminals because of the implicit trust people place in Facebook. They are more likely to respond to scams and other messages that appear to come from real friends, but are actually sent by hackers able to play the system.

AP