Facebook rolls out new log-in security feature

Posted by Mark Raby

The process of logging into Facebook just got a bit more secure and a bit more complicated... but only if you want it.

The new feature, called Login Approvals, requires users to 'authenticate' any new device before they are able to log into Facebook from it. That is, if you just bought a new smartphone, you're logging in from your friend's computer, or you finally decide to try your TV's Facebook app, the social networking site will send you a one-time verification code as a text message to your stored cell phone number. That code will have to be entered along with your password to log in. This would only occur the first time you try to log in from the new device.

The idea is it will prevent hackers who somehow steal your Facebook password from being able to log in to your account, since they would not have access to the verification code.

"One challenge in building login approvals was balancing security and usability. Similar features on other websites require you to download authentication apps or purchase physical tokens to act as your second factor. These are good approaches, and we're considering incorporating them in the future, but they require a lot from the user before being able to turn on the feature," wrote Facebook's Andrew Song in a blog post.

Login Approvals is not a mandatory new feature, so if you'd rather not bother with the cumbersome verification code process, you don't have to. For those who are interested, the feature is available from the Account Security section of their Facebook account.

Security company Sophos approves of the new feature, saying in a statement, "We want Facebook, and its hundreds of millions of users, to remember that we're not against the world's biggest social network. When Facebook takes positive steps towards better security we're happy to say so, as we're doing now.  But there's much more they could be doing, so we all need to maintain pressure on Facebook to keep on improving."