Yesterday, Mark Zuckerberg’s Facebook fanpage was hacked. Today, not one but two new security features have now been implemented. Now, as impressive as it would be for Facebook to come up with and implement two new security measures in just 24 hours, the timing of the release of these measures are purely coincidental.
As it turns out, January 28th is International Data Privacy Day; a date that stands for, as dataprivacyday2011.org puts it, ‘an international celebration of the dignity of the individual expressed through personal information.’ It’s a day set aside to create awareness to the various ways personal data can be intercepted and misused. Thousands of corporations and high profile websites have been rolling out new ideas for better security in preparation for this day, and who better to serve as a paradigm of personal data security than Facebook…
Kidding aside, the security measures are actually quite interesting. Starting today, you can experience facebook entirely through the safety of a HTTPS secure connection. HTTPS is generally reserved for when you enter passwords to login to sites, purchase items through a shopping cart, pay bills, bank online, etc., but since so many of the general facebook population’s actions often give out private information at the drop of a hat, allowing this security feature to be applied to the entire browsing experience rather than just the login experience.
However, this newfound data security does come with a slight price: Encrypted pages will take longer to load, and most third-party applications are not supported by HTTPS. Luckily, it is a completely optional change. If you want to activate encrypted facebooking, go to your account tab, select account settings, and click the change option next to account security. Most accounts should see this option (click to enlarge):
I say most accounts because some (like one of mine) will not see the update yet.
The second security feature is the Social Authentication verification feature. If Facebook detects suspicious activity from your account, like being logged in from a computer in Russia two hours after you just logged out from a computer in Iowa, instead of asking you for a security question like most other sites, Facebook will try to verify your identity through their social authentication test. The test will instead you pictures of your friends and ask you for their names, the logic being that while you would surely know the names of your friends, the hackers wouldn’t.
Although it is a clever solution to the problem, there is one thing that comes to mind that could spell disaster for the legitimate owner of the account: While it would be assumed that a random stranger wouldn’t know who your friends are, do people really know the names and faces of every single one of their Facebook friends?
Say you are on a road trip and happen to log in at multiple stops along the way. Facebook detects multiple logins in different states, implements the social authentication feature, and chooses the following 5 people out of your friends list: That one guy you had one class with in college, your ex-girlfriend’s roomate, the chick you met at a starbucks, exchanged Facebook info, and never followed up on again, that dude on twitter you exchanged info with, and that random ‘friend-of-a-friend’ you met at a party that somehow got you to add him.
My point is, with just how many people we consider ‘friends’ on Facebook, I’d be surprised if I could actually put a name to the face of 25% of my personal profile’s meager 350 friend list, let alone anyone who has upwards of 1000+ friends. I could definitely see this security feature becoming a serious thorn in the legitimate user’s side.
That said, it is good to see Facebook taking steps towards better security measures for its massive audience… even if the changes came a day too late for Mark’s poor fanpage.
Think these new security features are pretty cool or pretty useless? Share your thoughts or prove me wrong in the comments below.
Related posts:
Mike Filsaime’s Official Blog, News, and Reviews
Facebook comments:
No comments yet.
RSS feed for comments on this post. TrackBack URL