Facebook offers new security options

by Steve Ragan - Jan 27 2011, 13:50

Facebook is rolling out two new security options. Considering the flack they are taking with new advertising models that might hinder privacy and two high-profile account hijackings this week, Facebook needed a positive spin on something. It looks as if they’ve found it.

Earlier this week, Facebook announced that they would soon turn likes and check-ins into advertising revenue. This set off the normal privacy debates, when really aside from Wall spam, many users won’t notice a change. Truth is, the ‘Sponsored Stories’ advertising program is likely to result in ads that are simply ignored by users.

Around the time that the new advertising program was making headlines, word spread that French president Nicolas Sarkozy’s Facebook account was compromised. The defacement resulted in a supposed message from him announcing his retirement in 2012. The message was later removed and claimed as false.

It is likely that the software glitch that led to Sarkozy’s problems is the same one Facebook fixed after Mark Zuckerberg’s fan page was defaced with an odd message of its own. While Sarkozy’s issue was mainly ignored by those outside of the security world, Zuckerberg’s defacement became worldwide news almost instantly.

Addressing the odd post by their founder, Facebook told CNET, “A bug enabled status postings by unauthorized people on a handful of public pages. The bug has been fixed.”

Now, Facebook is making headlines again. Just in time for Data Privacy Day on Friday, Facebook is releasing two new security options for its users.

The first security offering is SSL. As it stands now, SSL is only used when you login to Facebook. However, users will soon have the ability to permanently enable SSL for the entire Facebook session. The drawback is that some applications do not support SSL, and there will be instances where using Facebook itself is slowed by the feature.

“We'll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future,” Facebook’s Alex Rice said in a company blog post on the new features.

The second security feature is called Social Authentication. This will replace the normal, and often hard to read CAPTCHA challenge, and replace it with something more personal.

“Many sites around the web use a type of challenge-response test called a [CAPTCHA] in their registration or purchasing flows. The purpose of this test is to verify that you are a human being and not a computer trying to game the system,” Rice explained.

“Instead of showing you a traditional [CAPTCHA] on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are.”

Frankly, permanent SSL is something Facebook has needed for a long time, we’re glad to see plans to push it to the public. We only wish it were an opt-out feature, instead of one where you must opt-in to use it.

The social replacement for the use of CAPTCHAs is another nice improvement. Admittedly selecting a name from a list of friends and matching it to an image is far from foolproof, but it is something different.

If you tend to use Facebook in public more than at home, you should enable the SSL option. There will be some glitches at first, but it’s worth the tradeoff if you worry about privacy.

Around the Web