Starting today Facebook provides users the ability to experience
Facebook entirely over HTTPS. The company also announced a new way to authenticate users.
Until now, Facebook used HTTPS whenever a user sent password to the
web site's servers but today Facebook is expanding its usage in order
to help keep users' data even more secure. Facebook encourages users
to cinsider enabling the HTTPS option if they frequently use Facebook
from public Internet access points found at coffee shops, airports,
libraries or schools. The option can be found under Facebook's
"Account Security" section of the Account Settings page.
However enabling HTTPS makes encrypted pages load longer and also
some Facebook features, including many third-party applications, are
not currently supported. Facebook said that it would work to resolve
these remaining issues.
The company also introduces the "Social authentication" feature.
Many sites around the web use a type of challenge-response test
called a captcha in their registration or purchasing flows. The
purpose of this test is to verify that you are a human being and not
a computer trying to game the system. Traditional captchas have a
number of limitations including being (at times) incredibly hard to
decipher and, since they are only meant to defend against attacks by
computers, vulnerable to human hackers.
Instead of showing users a traditional captcha on Facebook, one of
the ways to verify a user's identity is through social
authentication. Facebook will show users a few pictures of their
friends and ask them to name the person in those photos.
Facebook's new security measures come just a few days after the
company's CEO Mark Zuckerberg discoverd that his own Facebook page
was "hacked." Overnight, the cryptic message was posted to the
Facebook fan page in the name of the 26-year old billionaire founder.
Facebook has said "a bug" was to blame for the odd posting.
The message led to speculation that the the site had been hacked or
Mr Zuckerberg's account was compromised.