Facebook scrambles to tighten user privacy

By David Neal on May 16, 2010 1:48PM

In the spotlight

Announcing Pipeline 2025 tickets, theme & initial speakers

Australian MSP Index launched

End of Support for Windows 10: A guide for Channel Partners

Ingram Micro Ushers in the Age of Ultra

Facebook has announced a series of tools and systems designed to prevent unauthorised log-ins and other suspicious activity on the social networking site.

Lev Popov, a software engineer on Facebook's site integrity team, said in a blog post that the company will automatically alert account holders if it looks like someone is attempting to gain unauthorised access.

"We're announcing some new tools and systems designed to keep the bad guys out and keep you abreast of suspicious activity so you can quickly take action to correct it," he said.

"We've built technical systems that operate behind the scenes to quickly detect and block suspicious behaviour, delete phoney posts and messages, and return compromised accounts to their rightful owners."

Popov explained that these systems are invisible to the average Facebook user, and claimed that "very few people" will ever experience a security issue on the site.

However, these systems may be about to get a lot more obvious. Popov said that a new option in account settings will let users limit access to their account to a handful of hardware devices.

Whenever a user on another kind of device attempts to answer, they will be asked to confirm what they are using by name, and send an immediate email to the holder's main address.

Popov added that the new system could block suspicious attempts "before they happen". Anyone attempting to get into an account from an unusual device will be asked for additional information that can be used for verification.

"For example, we might ask the person to enter a birth date, identify a friend in a photo or answer a security question if you've previously provided one," he said.

"These questions are designed to be easy for you and hard for a bad guy, and we've already seen some great results."

Facebook users will also be able to see a list of previous log-ins, and reset their password if they believe there has been an intrusion or intrusion attempt.

"We are confident that these new tools and systems will do a lot to prevent unauthorised log-ins and the nuisance they can cause," said Popov.

"As always, though, the first line of defence is you. We need you to help by practising safe behaviour on Facebook and wherever you go online."

Ed Rowley, product manager at M86 Security, welcomed the changes, but advised all users to treat Facebook with caution.

"Unfortunately, adding granular security settings to anything involving individual user accounts, including Facebook, can be quite complex," he said.

"When using social networking sites, it is the individual who must remain vigilant. If you deem it private, don't post it."

Rowley urged Facebook users to think before they post, spend some time changing the security settings on their account and read the Facebook terms of service.