New Security Tools Prevent and Alert Users to Unauthorized Logins
New Facebook security systems focused on preventing unauthorized logins are now active in the Account Settings -> Account Security panel.
Outlined in a post to the official Facebook Blog, these tools come amidst a storm of criticism over privacy and security flaps regarding exposed chats and user data scraped from instant personalization which we addressed in a comprehensive guide to Facebook’s latest changes last week.
The features are designed to “help people keep track of their Facebook logins and keep malicious actors out of their accounts,” according to the company. The first system allows users to register the devices from which they access Facebook, and receive notifications by email or text if their accounts are accessed from an unapproved device. From these alerts, users can reset their password and remove devices from their authorized list, which requires devices to re-register on their next login.
However, this feature only functions for logins to Facebook’s full site. Logging in from Facebook Mobile, Facebook Touch, or the official Facebook iPhone app does not require device registration, and no record of the log ins appear in the user’s Account Security panel. Facebook needs to record and notify users of log ins to all versions of the site for this system to truly provide a more secure experience.
To prevent unauthorized logins before they occur, Facebook will now ask additional security questions to authenticate a user’s identity if they are accessing the site from a device deemed “unusual”. We’ve contacted Facebook asking them to clarify exactly makes a device “unusual”, and we’ll update this story when we receive a response. Questions used to verify that the person accessing the account is the true owner include identifying the name of a friend in a photo, giving a birthdate, or even more personal questions as seen below.
Update: Simon Axten from Facebook’s Privacy and Public Policy team clarified for us how the new verification question tool is triggered. “We show the extra verification step when the login is coming from a device that isn’t typically used to access the account, or from a location that seems unusual based on recent or normal activity. For example, if someone logs in from Palo Alto, CA, and then several hours later, from a location halfway around the world, we’ll block access and ask for additional authentication.”
May 17th, 2010 at 2:48 am
Well this is really good. By the help of this new tool we get to know whenever some unknown person login our facebook account so we get notifications. I really like it.
May 17th, 2010 at 4:44 am
I keep this id and page for the sole purpose of playing games. I don’t know anyone on my page but I do play with them. I cannot now access that page because I can’t identify anyone FB is asking me to identify! There’s got to be some way for me to get to that page! HELP!
May 17th, 2010 at 10:58 am
I just went away for 4 days and my bestie took her laptop.. I couldnt get into my account because i play alot of games and dont know everyone.. ALSO one of the pics was of a freaking room with nobody in it! They had the pic within their profile because they had just moved! Really? So if you don’t know my freakin dog cat or bird personally then you are royally F’ED because they are in my profile pics.. Can FACEBOOK Administrators and Developers be truly that IGNORANT? Have us create secret questions with answers and if we are on a different PC then ask us one.. HMMMM THAT’S WHAT MY BANK, CREDIT CARD COMPANIES, AND EVERYONE ELSE DOES!! GET WITH IT FACEBOOK!
May 18th, 2010 at 6:34 am
[...] VÃa | insidefacebook [...]
May 19th, 2010 at 5:55 am
The photo id system to prove you are who you say you are does not work properly. I was shown a photo of a NY Mets flag and given people’s names to choose from for identification. Another was a photo of me and my friend and neither of our names were in the choices. Photo id system does not work!!
May 26th, 2010 at 6:47 am
The photo verification feature has got to be the dumbest idea ever implemented by an Internet portal. It may be causing some users to stay out of Facebook involuntarily, but I refuse to revisit Facebook until it removes that stupid photo verification feature and issues a mea culpa to users who’ve used their correct passwords but have been blocked by incorrectly identifying some obscure photo.
June 1st, 2010 at 10:09 pm
We need to start a “FAIL” wall for Facebook. This one ranks near the top. How much cash do you think some idiot in info. security just blew with all the coding for this? Seriously FB have you looked at your members profile pictures recently? I am supposed to know who the goat dressed up as a mafia gangster is? I am one of the lucky users locked out. I have 1,500+ friends and there is no way in hell I can match the names to the goats, cars, pets, and random sports logos they have used for their profile pictures.
June 6th, 2010 at 6:38 am
Same here…cannot access my FB page because I can’t identify people in some very obscure photos. Really dumb. Anyone know how to get arund this?
June 28th, 2010 at 7:47 pm
On vacation for a week. Tried to sign on to fb with my laptop. How in the world does fb expect us to know who some radom person is picture is they show us? Has anyone figured out how to get around this promlem?
July 1st, 2010 at 1:41 am
Its amazing that I cannot access my facebook account simply because I loged in from a different PC. How on eath can I identify all the photos of my friends…am missing and loosing alot. please..HELP !!!!
July 3rd, 2010 at 7:42 pm
Well I guess I won’t be able to use facebook, confirm new friends, etc for a while. I travel a lot, which is nothing new. But now FB has decided that if I try to log on anywhere but home I need to identify photos by/of any random friend out of the 400 or so avalanche safety supporters we have as friends. No way can I do that. It implied that it would recognize my home computer when I got home but I am still locked out. I reset the password via the account email and I am still locked out. After a month and a half or more and growing complaints and problems with this you still haven’t realized how stupid and ineffective this is? I hope it doesn’t take you much longer because I’d like to log in again. I have friends to confirm and I’d like to seek more via our large email list and website. But I won’t promote FB for new friends and for communications if I can’t log into it!
July 4th, 2010 at 12:54 pm
this has got to be the most ignorant system of identification that I have ever seen! Are you people at Facebook that blatantly stupid? How can this system possibly work when you are using at the same time such games like Mafia Wars to where you have 501+ members who are obviously unknown fully to one another? I am now unable to logon and do any of my Mafia Wars gaming commitments!
July 10th, 2010 at 6:15 pm
I was kicked out of my account today and asked to log back in when I tried I was asked to identify photo from my friends albums. The problem with that is that a lot of people aquire friends via the forum of a particular application that they are playing and don’t look at these people photo so how do they expect us to know what picture belongs to what friend. There should be security questions not friend photo identifiers, that is just stupid. Not I can’t access my account even after I tried the suggestion to reset my password. I have not gotten any response back from my emails about this issue from facebook. So if someone did hack into my account they are using it not me so what sense does that make to have such a security check such as identifing photos. This makes me want to leave facebook for good.
July 20th, 2010 at 3:15 pm
I CAN NOT ID ANY PHOTOS SO NOW WHAT? HOW DO I CONTACT Facebook since I can’t log in to correct this? WTF? Anyone know how to contact FB?
July 20th, 2010 at 8:55 pm
IM GOING 2 SPREAD THIS AROUND BCUZ THIS IS RETARDED THAT I CANT ACCESS MY PAGE. SOME1 PLEASE CREATE ANOTHER SOCIAL NETWORKING WEBSITE!!!
July 21st, 2010 at 7:15 pm
How stupid are these developers for Facebook. I guess they are just so cutting edge. Couldn’t be a simple as answering a security question. Idiots.
July 26th, 2010 at 3:57 pm
Thanks for your comments everyone.
We’ve published a story about some new security features and included your concerns about being locked out of you account because the test includes friends you can’t recognize by photo or shows profile pictures without the face of the person they represent. Hopefully Facebook will take notice and help you all out.
Check it out: http://www.insidefacebook.com/2010/07/26/facebook-photos-verify/
August 13th, 2010 at 2:21 pm
I cannot access my facebook coz i fogot what did i write in my fathers name
August 13th, 2010 at 8:08 pm
Worst idea ever. So, FB expects me to recognize everyone from every one of their 200 photos, including the ones in which an apple or bicycle is tagged in place of their actual photos. I moved, and now I can’t access Facebook. I can’t contact them, either. I am now locked out. Possibly for good.
I don’t remember when I was ever this angry in my life. Thank you, Facebook, for being the stupidest, most ignorant site in the world when it comes to users. Way to actually care about what your users need. How the !@#$ did they not catch this oversight?
September 25th, 2010 at 1:24 pm
please tell me how to access my account of facebook without photo id-cannot do it that way-please tell me or do i have to start another account
September 25th, 2010 at 1:25 pm
cannot log in facebook with photo id-another way please
September 27th, 2010 at 7:35 pm
I am only given two phots (both of which are correctly identified) and kicked out of the verification. What the??? I’d close the account if I could login…
November 22nd, 2010 at 3:07 pm
So, how do we contact Facebook or how do we log in other than the photo-id method?
November 22nd, 2010 at 4:00 pm
@Smith: You could try logging in through a mobile phone or app.
February 10th, 2011 at 12:03 pm
Whats the point of having a help page if yall cant help