Facebook receives an ungodly number of calls and emails from users who have been locked out of their accounts. In response, Facebook now allows you to designate “trusted friends” who can help you reset your password through codes sent to their accounts. This ushers in a new breed of possible social engineering tactics: the security of your account no longer rests solely on your own security-mindedness, but also on that of the friends you pick. While most Facebook users will not be worth a hacker’s time, high-value targets should choose trusted, security-conscious friends carefully. The same applies if you manage to offend all of your trusted friends at once, as they could pool their codes to take control of your Facebook account and exact revenge. Read on for the full story…
Facebook adds ‘trusted friends’ and app-specific passwords
By Rosa Golijan
In honor of National Cybersecurity Awareness Month, Facebook reminds its users of existing security techniques and tools — and adds some new features which will supposedly keep you more secure on the social network.
A blog post by Facebook’s security team — yes, there really are teams dedicated to such things at the company — explains that two new features are being added to users’ account settings: Trusted friends and app passwords.
The first of these two features — trusted friends — is intended to help you access your account if you are ever locked out of it for some reason:
Trusted Friends will let you select three to five trusted friends who can help you if you ever have issues accessing your account. [Facebook will] send codes to the friends you have selected, then you can log back into your account using these codes after your friends have passed them along to you.
Now while this feature sounds great in theory, there’s also potential for abuse. Your supposedly trustworthy friends could easily request the reset codes on your behalf and then share them among each other in order to have all the information necessary to kidnap your account for some sort of nefarious (or hilarious) purpose.
In other words: Be very, very careful when it comes to selecting guardians for your Facebook account.
The other new feature — app passwords — is supposed to help keep your Facebook account safer by providing you with a unique password to use with apps. You’ll generate these app-specific passwords as necessary and simply enter them in place of your regular password when using third-party apps such as Spotify, Skype, and so on. You will be able to forbid a specific app from accessing your account by simply deleting the password you’ve generated for it at any time.
National Cybersecurity Awareness Month Updates
by Facebook Security
Security and safety are at the core of Facebook. We have entire teams dedicated to building tools that give people even more control over their account and specifically the way they access their information. In fact, many of our most talented engineers are working exclusively on creating a secure environment on Facebook. This October, as part of National Cybersecurity Awareness Month, we are working with others in the community to help educate people about techniques and tools for securing your devices and networks. Additionally, we thought this would be a great opportunity to tell you about some of the systems working behind the scenes to keep you and your data safe.
Today, we wanted to give you an update on some new features we will be testing in the coming weeks – Trusted Friends and App Passwords – and remind you of the many user tools we offer to help keep you secure on Facebook.
We’re excited to begin testing this new tool to help you in case you ever get locked out of your account. Similar to other features that help you prove your identity through your friends, you can now select three to five trusted friends who can help you if you ever have issues accessing your account. It’s sort of similar to giving a house key to your friends when you go on vacation–pick the friends you most trust in case you need their help.
If you forgot your password and need to log in but can’t access your email account, you can rely on your friends to help you get back in. We will send codes to the friends you have selected and they can pass along that information to you.
There are tons of applications you can use by logging in with your Facebook credentials. However, in some cases, you may want to have a unique password for that application. This is especially helpful if you have opted into Login Approvals, for which security codes don’t always work when using third-party applications.
We are testing a feature that allows you to use app passwords for logging into third-party applications. Simply go to your Account Settings, then the Security tab, and finally to the App Passwords section. You can generate a password that you won’t need to remember; just enter it along with your email when logging into an application.
Over the past few years we have introduced a number of new security tools – Login Approvals, Login Notifications, and One Time Passwords to name a few. In addition, we have developed several back-end systems to help keep you and your data secure. To better illustrate the full range of these features and show how they all work together to keep you safe while on Facebook we are releasing this infographic. Check it out to learn more about our security infrastructure and an overview of the tools available to all our users to increase their level of account security.
Our considerable work has undoubtedly made Facebook a safer environment – less than half a percent of users experience spam on any given day and only a fraction of a percent of our users ever experience any security-related issues. But we know there is plenty more work to be done and we will keep striving to make sure that every time you log in to Facebook, you have a safe and social experience. We are adapting and responding to new threats every day and will continue to roll out new ways to protect your account. Be on the lookout for more announcements throughout the rest of this year, and remember to stay vigilant while online and remind others to do the same.
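A minimal sketch of how a service could implement the app passwords described above (generate a random password per app, accept it in place of the main password, delete it to cut that app off). This is an added illustration, not Facebook's code: the class and method names are hypothetical, and keeping only salted PBKDF2 hashes is an assumed design, not something the post states.

```python
import hashlib
import hmac
import secrets


class AppPasswordStore:
    """Per-app passwords for one account; only salted hashes are kept."""

    def __init__(self):
        self._entries = {}  # app name -> (salt, digest)

    @staticmethod
    def _digest(password, salt):
        # Assumed storage scheme: PBKDF2-HMAC-SHA256 with a per-entry salt.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)

    def generate(self, app):
        """Create (or replace) the password for `app`; plaintext is returned once."""
        password = secrets.token_urlsafe(16)  # random, never user-chosen
        salt = secrets.token_bytes(16)
        self._entries[app] = (salt, self._digest(password, salt))
        return password

    def verify(self, app, candidate):
        """Accept `candidate` only for the app it was issued to."""
        entry = self._entries.get(app)
        if entry is None:
            return False
        salt, expected = entry
        return hmac.compare_digest(self._digest(candidate, salt), expected)

    def revoke(self, app):
        """Deleting the entry cuts off that app and nothing else."""
        return self._entries.pop(app, None) is not None


def demo():
    # Constructed sample: two apps named in the article, one then revoked.
    store = AppPasswordStore()
    spotify = store.generate("Spotify")
    skype = store.generate("Skype")
    results = {
        "spotify_ok": store.verify("Spotify", spotify),
        "cross_app": store.verify("Skype", spotify),  # scoped to one app
        "revoked": store.revoke("Spotify"),
    }
    results["spotify_after_revoke"] = store.verify("Spotify", spotify)
    results["skype_after_revoke"] = store.verify("Skype", skype)
    return results


if __name__ == "__main__":
    print(demo())
```

Because each password is scoped to one app and the main password is never handed to the app, a leaked app password can be revoked without changing the account password or disturbing other apps.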