Login Approvals is simple: before your Facebook account can be accessed from a new computer, Facebook will send you a text with an access code. You then have to type in that code before accessing your Facebook account.

Once the account challenge is completed, you can choose to save that computer as a trusted device, which will prevent the Login Approval popup from appearing again. If you lose your phone, you can still access your account from these trusted devices and use that to authorize access to a new device.

Login Approvals is now available as an opt-in feature in Facebook’s account settings. It was built by Andrew Song, one of Facebook’s engineering interns.

As users pour more information into their Facebook accounts, the social network has been ramping up its efforts to improve security. Facebook has implemented temporary passwords via SMS and in the past year introduced a remote logout feature. It’s all part of Facebook’s efforts to stop phishing scams and clickjacking attacks, a problem that just won’t seem to go away.

More About: facebook, Facebook Engineering, Facebook security, Login approvals, security

For more Tech & Gadgets coverage:

• Follow Mashable Tech & Gadgets on Twitter
• Become a Fan on Facebook
• Subscribe to the Tech & Gadgets channel
• Download our free apps for Android, Mac, iPhone and iPad

The letter — which is brief — highlights three steps that Sophos’s technology consultants and security analysts think Facebook should take to better protect its users and improve overall security.

Through its Naked Security blog, Sophos frequently tracks various phishing scams and clickjacking attacks that appear on Facebook with growing frequency.

When it comes to security, Facebook’s servers and login system have a solid track record of keeping its systems clean and breaches to a minimum. Instead, the real security threats are from phishing scams and rogue Facebook apps.

To combat some of these issues Sophos’s Graham Cluley says that Facebook should consider adopting the following policies:

• Make privacy the default, rather than the opt-in.
• App developers and apps should be vetted and approved before being published to the platform.
• HTTPS should be used for everything and be on by default.

We think these suggestions make a lot of sense — especially the call for privacy defaults and HTTPS for everything. Although we wholeheartedly agree that there should be significantly more oversight added to the application approval process, the sheer number of registered Facebook developers and Facebook apps makes implementing a stricter approval process more difficult.

What do you think of Sophos’s letter? What changes do you think Facebook should make to improve user security and privacy?

More About: facebook, facebook privacy, Facebook security, privacy, security, sophos, trending

For more Social Media coverage:

• Follow Mashable Social Media on Twitter
• Become a Fan on Facebook
• Subscribe to the Social Media channel
• Download our free apps for Android, Mac, iPhone and iPad

Yes, I make most of my living working with Facebook. But, sometimes I just wish one of the little cyborgs would materialize in front of me so that I could smack it in the back of the head and say, ‘Seriously, WTF were you thinking?”

It used to be that to access your account from a new location you would need your access information and full birthday. That’s it. I originally thought that was stupid because there are so many people that display their full birthday on their profile and that it just wasn’t a security feature at all. So, then Facebook turned up the security half-a-notch and made it so that the user was notified when their account was accessed from a new location. Ok, I can see the point in that. Not exactly very secure, but ok.

Well, the cyborgs came up with a whole new security solution! Check it out! This is just pure genius in the making!

Facebook now has a new security feature where if you access your account from a new location you have to answer a few simple questions about your ‘friends’. Specifically, you have to identify 7 of them (you can miss two) from images that they (or anyone else Facebook-wide) has tagged of them. Seems like a pretty good idea right?

Yeah, if you have 50 friends that you actually know, that each has maybe 50 friends that they actually know. And ALL of those friends ONLY tagged pictures of them with their actual face in them, not their childhood pics, not their dog, not their kids or what-have-you. Come on Facebook, really? They allow 5,000 connections and THIS is a security feature?

Seriously now, why wasn’t I invited to the 4:20 meeting where the Facebook security expert team sat up and said, “Hey, if they want to access their account from a new location just make them identify 5 images of 5,000 random friends to get back into their account!” BRILLIANT!

So basically, if you take a vacation and try to access your Facebook from a computer that you have never used before, then you are going to be in friend-hell until you can identify 5 of 7 random pics. Oh, and did I mention that if you get it wrong the first time you have to wait an hour to try again? And don’t think accessing it from your computer at home is going to unlock your account, because your account is LOCKED buddy! You are not getting in until you identify 7 random people period! Enjoy your vacation!

I am no security expert, but I have to say that there are other ways of securing accounts. Even Senators are complaining that Facebook APIs leak all kinds of personal information about you and your friends, but if you want access to your account from a remote computer…. Well THAT’s secure now… even from you!

Share on Facebook

No related posts.

Normally I am a Facebook enthusiast for using the social network in your online real estate marketing strategy. Lately, however, I’m starting to have some doubts.

This morning, as I was managing my client’s accounts, I had to log out of Facebook for just a moment and then log back in. That’s when I saw it; a mid-login notice to ‘Register your Computer’.  You can’t get past it (I tried). They might as well have put a notice that “resistance is futile”.

Nope, sorry, no way around it. You are not getting on to Facebook unless you ‘name’ your computer.

Is this Facebook’s sudden ‘answer’ to all the controversy over security issues and spotlight in the news as to their use of private information?  With so many people getting upset about privacy issues and talking about completely deleting their Facebook accounts, I can only image that this was somehow Facebook’s alternative to actually taking the time to educate users on managing their privacy settings and taking control of their accounts.

What is your take on all the Facebook controversy? Will you still use Facebook to market your real estate business?

Share on Facebook

No related posts.