Facebook announces two new security features

The new security features were made public today by Facebook security engineer Alex Rice via the company’s official blog.

Facebook currently transmits via secure ‘HTTPS’ connections whenever user passwords are transmitted, but Rice indicated this feature would be extended to the entire Facebook service.

Rice’s statement was somewhat unclear, if not contradictory, as he noted the feature would be available immediately, but then went on to say that Facebook would be “rolling this out slowly over the next few weeks”.

Regardless, the new SSL connection will not be the default setting, as users will need to access their advanced security features and enable the change in their security settings to interact over Facebook using SSL.

Rice did say, however, that Facebook plans on using SSL as the default setting “sometime in the future”. He also added that users of the social networking site would likely experience slower page loads if they opt for SSL, and that many third-party applications accessed via Facebook would not currently support SSL encryption.

Rice also reviewed Facebook’s plan to institute what it calls ‘Social Authentication’ procedures for account access, in a twist on the traditional captcha method for transactional authentication.

“If we detect suspicious activity on your account, like if you logged in from California in the morning and then from Australia a few hours later, we may ask you to verify your identity so we can be sure your account hasn’t been compromised”, said the Facebook security engineer.

Rather than asking users to input a series of characters, known as a challenge-response test, the social authentication method will pull pictures of Facebook friends from the user’s account and ask them to name the people in the images.

What’s Hot on Infosecurity Magazine?