Facebook Adds Two-Factor Authentication

May 16, 2011

Earlier this year, Facebook provided an added security feature for its users, allowing them to specify that all sessions should use the ‘https:’ protocol, which encrypts traffic between the browser and the server. The social networking site has now added another optional security feature, which it calls Login Approvals. When activated by the user, this provides a two-factor authentication mechanism, using a code sent to the user’s cell phone via an SMS text message, in addition to the usual user ID and password. This is similar to the two-factor system used by Google Mail; however, according to the Facebook announcement, the additional code will only be required when the user tries to log in from a new device:

 Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer.

The announcement also says that, once you have successfully logged in, you can save the new computer’s identification to your Facebook account, so that you will not have to enter a special code in the future.

One thing the announcement does not explain is how Facebook decides whether the device you are using is “new or unrecognized”. This is potentially important to understand, since the suggested recovery in the event of an unavailable or broken phone is to log in from a “recognized” device. This would include devices whose identifications you had previously saved, but it is not clear whether you start off with any other recognized devices.

Still, it is good to see service providers like Google and Facebook doing the work to provide better security capabilities for their users.
