Facebook has introduced a new authentication feature designed to help users better protect their accounts from being hijacked by password-stealing miscreants. The opt-in feature — which requires users to share their mobile phone number — is a welcome security measure, but may be a tough sell to users already wary of providing too much information to the social networking giant.
Facebook intern Andrew Song explains how the new “Login Approvals” feature works, in a blog post:
“If we ever see a login from an unrecognized device, you’ll be notified upon your next login and asked to verify the attempted account access. If you don’t recognize this login, you’ll be able to change your password with the knowledge that while someone else may have known your login credentials, they were unable to access your account and cause any harm. Once you have entered this security code, you’ll have the option to save the device to your account so that you don’t see this challenge on future logins.”
“If you ever lose or forget your phone and have login approvals turned on, you will still have the option to authorize your login provided you are accessing your account from a saved device. Having these recognized machines associated with your account prevents lockout and ensures that you can regain access to your profile.”
Facebook users can enable Login Approvals by navigating to Account Settings and then Account Security. When I enabled this feature and provided the digits for a mobile phone I own, it quickly sent that phone a six-character alphanumeric code via text message that I used to successfully authenticate on Facebook.com.
It’s not clear from Song’s blog post whether enabling this feature changes any privacy settings you may have established in your Facebook account. Facebook’s privacy policies have been constantly evolving as the social networking provider adds and tweaks features (I pinged Facebook’s press folks to find out and will update this section if they reply). Depending on how much data you’ve already shared, what apps you have installed on your Facebook account and your mobile phone, and what your privacy settings are, you might be surprised how much mobile data you already are sharing with your “friends,” and vice versa. Check out your Facebook Phonebook to find out which of your friends have already shared their mobile contact information.
It’s important for people to remember that Facebook — like most social networking applications and other “free” online services — is not really free: All of us pay for these services in micropayments of personal information over time. And to quote noted security curmudgeon Bruce Schneier: “Don’t make the mistake of thinking you’re Facebook’s customer, you’re not – you’re the product. Its customers are the advertisers.”