A Continued Commitment to Security

By Alex Rice on Wednesday, January 26, 2011 at 6:13am

This Friday is Data Privacy Day, an international effort by governments, businesses and advocacy groups to raise awareness about the importance of staying in control of personal information. A key part of controlling information has always been protecting it from security threats like viruses, malware and hackers.

 

That's why we've developed a number of complex systems that operate behind the scenes to keep you secure on Facebook. In addition, we've created some advanced features you can use to help protect yourself even more, such as remote logout and one-time passwords. These features are especially useful when you're uncertain whether your network or computer is secure. Today, we're announcing two more such features.

 

A Secured Connection

If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green. This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private. Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure.

 

 

Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the "Account Security" section of the Account Settings page.

 

 

There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as the default whenever you are using Facebook at some point in the future.

 

Social Authentication

At Facebook we strive to put people at the center of all of our products and to design every experience you have on the site to be social. This is obvious in products like photos, where pictures are organized around the people that appear in them. We also want to bring the benefits of social design to experiences where you wouldn't traditionally expect them, like account security. Social authentication is our latest effort toward this goal.

 

The vast majority of people who have used Facebook have never experienced a security problem. However, if we detect suspicious activity on your account, such as a login from California in the morning followed by one from Australia a few hours later, we may ask you to verify your identity so we can be sure your account hasn't been compromised.
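The California-then-Australia case above can be checked by computing the speed a person would need to travel between two consecutive logins. The following is an added example, not Facebook's code: the speed threshold, the 50 km noise floor, the field names and the sample logins are all assumptions made for illustration.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0  # assumed: faster than an airliner is not one traveller
MIN_DISTANCE_KM = 50.0      # assumed: ignore moves within IP-geolocation error

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def flag_suspicious(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (previous, current) place pairs whose implied travel speed is implausible.

    A flagged pair is a reason to ask for extra verification, not proof of
    compromise: VPNs and mobile carriers can move an IP's apparent location.
    """
    flagged = []
    ordered = sorted(logins, key=lambda entry: entry["time"])
    for prev, cur in zip(ordered, ordered[1:]):
        km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
        if km < MIN_DISTANCE_KM:
            continue
        hours = (cur["time"] - prev["time"]).total_seconds() / 3600
        # Zero elapsed time over a long distance is the most implausible case.
        if hours <= 0 or km / hours > max_kmh:
            flagged.append((prev["place"], cur["place"]))
    return flagged

def _utc(day, hour):
    return datetime(2011, 1, day, hour, tzinfo=timezone.utc)

# Constructed sample logins (coordinates are approximate city centres).
SAMPLE_LOGINS = [
    {"place": "San Francisco, California", "time": _utc(26, 15), "lat": 37.77, "lon": -122.42},
    {"place": "Palo Alto, California", "time": _utc(26, 16), "lat": 37.44, "lon": -122.14},
    {"place": "Sydney, Australia", "time": _utc(26, 19), "lat": -33.87, "lon": 151.21},
    {"place": "Melbourne, Australia", "time": _utc(27, 19), "lat": -37.81, "lon": 144.96},
]

if __name__ == "__main__":
    for prev_place, cur_place in flag_suspicious(SAMPLE_LOGINS):
        print(f"verify identity: {prev_place} -> {cur_place}")
```

Only the Palo Alto to Sydney pair is flagged; the short hop within California and the next-day login from Melbourne both fall under the threshold.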

 

Many sites around the web use a type of challenge-response test called a captcha in their registration or purchasing flows. The purpose of this test is to verify that you are a human being and not a computer trying to game the system. Traditional captchas have a number of limitations including being (at times) incredibly hard to decipher and, since they are only meant to defend against attacks by computers, vulnerable to human hackers.

 

Traditional captcha

 

Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are.

 

Social authentication

 

We will continue to test social authentication and gather feedback from you and the security community on how to make this and other social features safe and useful.

 

 

To learn more about how to keep your information safe on Facebook and across the internet, please visit the Facebook Security Page.

 

 

Alex Rice, a security engineer, is enjoying Facebook from a coffee shop.