The “social CAPTCHA” method of authentication that Facebook developed to prevent the Tunisian government to access the accounts of the people whose login credentials they have stolen will become a standard fixture, confirmed Facebook’s Alex Rice.
They call it social authentication, and if suspicious activity is detected on a user’s account – for example, if the account was accessed in America in the morning and then a few hours later from a IP address located in Australia – the person who’s trying to access the account will be presented a few pictures of friends of the account’s legitimate user and asked to name the person in those photos:
“Hackers halfway across the world might know your password, but they don’t know who your friends are,” says Rice.
Another feature that Facebook is introducing is secure (https) browsing. So far, encryption was limited to your login process, but from now on – if you choose to do so – you can change your Account Security Settings by enabling that option.
Rice warns that those who choose that option might notice a slowing down when it comes to the loading of the pages, and some features and third-party applications not working because they are currently not supported in HTTPS.
“We’ll be working hard to resolve these remaining issues,” he says. “We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.”
We can speculate on whether these features were triggered by the recent hacking of Mark Zuckerberg’s Facebook account, or are really the result of the work done following the Tunisian government’s attempt to steal the passwords of Tunisian Facebook users, but in the end it doesn’t matter because it’s a welcome improvement.