Facebook Implements “Account Protection” Security Status Bar
Facebook has implemented a new security feature called Account Protection which informs users of how secure their account is. The feature is displayed in a new sidebar module and as a status bar at the bottom of the “Update Your Security Information” page which debuted last month. Users with a “very low” protection status are prompted to verify additional email addresses to prevent identity spoofing, connect their mobile phone to Facebook as an additional account retrieval tool, and add a security question for account owner verification.
These three security information questions which are tabulated in the new status bar were added last month to help protect users from being locked out of their account by scammers, malicious friends, or by accident. Other recently implemented security features include one-time passwords, remote log out of active sessions, notifications and a log of new devices used to access a user’s account, and friend request spam prevention.
An aggressive security feature which forces users to identify friends by their profile pictures to log-in resulted in many rightful owners being locked out of their accounts. Many of these users could have quickly regained access had they activated additional retrieval methods, which may have pushed Facebook to release this new Account Protection feature.
Users with a “very low” protection status may see an Account Protection sidebar module while browsing Places or other in-house apps. The module displays a user’s protection status and provides a link to “Increase protection”.
When followed, users are brought to the “Update Your Security Information” wizard, which has been broken down into a three-step flow. At the bottom of the wizard, users see an “Overall Protection” status bar, which fills as they complete the steps of the flow. Clicking the question mark next to the bar pops up a prompt showing actions left to be taken to “Strengthen Your Security” and “reach a ‘High’ Account Control level’”.
Facebook should be commended for using unambiguous security questions like “What street did you live on when you were 8?” opposed to vague questions like “What street did you grow up on?” which are commonly used by other web services. Some might worry about Facebook spamming users through their additional email addresses or mobile phone, but Facebook won’t contact users through these mediums unless explicitly requested.
Similar to Facebook Impact, Facebook chose to use terminology and visual cues similar those in social games to encourage user action. Getting users to activate additional retrieval methods prevents them from having the awful experience of being locked out of their account for months, and reduces the strain on Facebook technical support caused by these disgruntled users.
November 10th, 2010 at 12:30 am
I think this option will be very helpful because via this option we get to know how strong protection we have of our accounts. Thanks for the update.
November 10th, 2010 at 6:39 am
[...] B) Facebook has implemented a new security feature called Account Protection which informs users of how secure there account is : Link here [...]
November 10th, 2010 at 7:32 am
[...] more here. Share and [...]
November 10th, 2010 at 12:35 pm
It is ‘their account’, not ‘there account’- good presentation spoiled by sloppy spelling.
November 11th, 2010 at 11:14 am
When I used this FB feature, I thought I had been scammed, and I warned all my friends. I hope my feedback here gets to Facebook staff.
When I clicked on the “Increase Protection” link, I got a dialog asking me to enter a security question and answer. That’s fine, but when I clicked the button to continue, the dialog disappeared, and I was left with my regular FB wall. It was if someone had taken my keys and ran.
I was expecting to do something to “Increase Protection.” My “account protection status” was indicated as Low. I was expecting a process that would bring it from Low to High. I single dialog that asked me to enter secret information of mine did not seem like a means to go from Low protection to High protection. It seemed like bait and run. It scared me.
So I decided to visit my account page to see whether I really had changed my security question. If I had, I’d know that the dialog had been legitimate. However, it appears that FB does not let you view or change your security question. I had no way to confirm that this had been a legitimate Facebook exchange.
I took an image snapshot of the Security Protection box and posted it to my wall, explaining what had happened. My friends agreed that I had been scammed. The low-res padlock image seemed to further the impression that this was a hack job.
Facebook, please change the “increase security” procedure to something that looks professional, that does what it inclines users to think it does, and that can be subsequently verified to determine whether the procedure was legitimate.
This addition gave me a scare and wasted a lot of my time trying to mitigate the effects of having been scammed. I also wasted a lot of time trying to find a way to report the occurrence to FB. I found no way to do so. Closing the Security Protection box did not give me a feedback form, and I found no web site or other form for reporting scams to FB.
November 11th, 2010 at 12:25 pm
@Joe: The Account Protection feature is legitimate. You seemed to have been brought to step 3 or 3 in the flow, so when you added a security question, you completed the flow and were sent back to your wall. I agree that a clearer feedback mechanism to let you know you’ve improved your security would be helpful
November 15th, 2010 at 7:05 pm
Pointless. I can’t get to “HIGH” level unless I give Facebook my mobile phone number, AND IT WOULD BE _REALLY STUPID_ TO DO THAT.
November 15th, 2010 at 11:39 pm
[...] FACEBOOK skatina sustiprinti savo profilio saugumo nustatymus. [...]
November 16th, 2010 at 8:37 am
Oh No Ican’t be on high level in my profilee
thank you for the tool
December 10th, 2010 at 7:45 am
[...] via Inside Facebook [...]
December 25th, 2010 at 11:46 am
Next they’ll want SSN’s and photo ID and CC’s with verified address just to be on FB. You gotta think: Is this really for our security? Theoretically, the less real info they have about you the safer you are in lieu of hacker attack. So why would every bit of sensitive info you own be safe in their database? It never, ever, ever gets *deleted*. Oh, wait, that’s right. It’s the largest opt-in database of real people in the civilized world. How does that make you feel about posting personal photos and information?
December 27th, 2010 at 2:48 pm
I suppose it’s a good way for them to turn in pedophiles etc. and to keep them off if they know someone wants this info from them.
December 28th, 2010 at 10:44 am
fb keeps showin me a thingy to the right stating that i am low protection. i click to see what they say will fix it. ok so it appears because i will not put my mobile number in here lolol fb says i am low protection — supposedly this is a way i could use to get on here if needed. i bet i am more protected than anyone on fb hahaha uumm i have practically no info provided and i have not even a handful of extremely trusted friends!!
February 21st, 2011 at 3:54 am
[...] Facebook implements an account protections security status bar [...]