Facebook Security Gets A Makeover As Social Networking Threats Loom
The moves come amid a host of recent studies that show social networking threats and security troubles have been on a steady climb over the past year and show no sign of slowing.
According to Alex Rice, a Facebook security engineer, the two new Facebook security features were designed to protect users from social networking security threats like viruses, malware and hackers.
First, Facebook added HTTPS protection. While Facebook already used HTTPS, which adds SSL security to HTTP to encrypt and decrypt user page requests, when users' passwords were sent to Facebook, the 600 million-user strong social networking site said everything done on Facebook can be HTTPS protected.
"Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS," Rice wrote in a blog post highlighting the new Facebook security features. "You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the 'Account Security' section of the Account Settings page."
HTTPS encrypts pages, and Rice warned that could cause Facebook to take longer to load. Additionally, some features like third-party applications are not supported in HTTPS. Currently, HTTPS is optional and Facebook plans to roll it out over the next few weeks.
"We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future," Rice wrote.
Facebook also added a new security feature it calls "social authentication." Through social authentication, Facebook will ask users to very their identities to ensure their accounts haven't been compromised. The social networking site will only do this if suspicious activity is detected, for example if a user logs into their account from California in the morning and then logs in from Australia just a few hours later.
Instead of using traditional captcha or challenge questions, Facebook will show users pictures of friends and ask them to name the person in the photos.
"Hackers halfway across the world might know your password, but they don't know who your friends are," Rice wrote.
The Facebook security updates come on the heels of a recent survey by security vendor Sophos found the number of social networking threats and the number of people who fall victim to those threats have experienced dramatic growth recently. In its Security Threat Report 2011, Sophos found that Facebook has become a prime target for cybercriminals.
The survey found that about 40 percent of the 1,200 social networking users polled have been sent malware, such as worms, via the social networking sites they frequent. That's an increase of about 90 percent second the summer of 2009. Additionally, two thirds of users queried, said they have been spammed via a social networking site, which is more than double the proportion of social networking users just two years earlier. And, Sophos found, 43 percent of respondents said they have been on the receiving end of phishing attacks, which is more than double the number from 2009.