Facebook has introduced a new authentication feature designed to help users better protect their accounts from being hijacked by password-stealing miscreants. The opt-in feature — which requires users to share their mobile phone number — is a welcome security measure, but may be a tough sell to users already wary of providing too much information to the social networking giant.
Facebook intern Andrew Song explains how the new “Login Approvals” feature works, in a blog post:
“If we ever see a login from an unrecognized device, you’ll be notified upon your next login and asked to verify the attempted account access. If you don’t recognize this login, you’ll be able to change your password with the knowledge that while some one else may have known your login credentials, they were unable to access your account and cause any harm. Once you have entered this security code, you’ll have the option to save the device to your account so that you don’t see this challenge on future logins.”
“If you ever lose or forget your phone and have login approvals turned on, you will still have the option to authorize your login provided you are accessing your account from a saved device. Having these recognized machines associated with your account prevents lockout and ensures that you can regain access to your profile.”
Facebook users can enable Login Approvals by navigating to Account Settings and then Account Security. When I enabled this feature and provided the digits for a mobile phone I own, it quickly sent that phone a six character, alphanumeric code via text message that I used to successfully authenticate on Facebook.com.