Apr 19, 2011 14:43 GMT
Facebook introduces two-factor authentication and improves HTTPS implementation

Facebook has announced a series of safety and security changes which include a new two-factor authentication system and improvements to its HTTPS support.

Multi-factor authentication systems combine traditional passwords with additional identification methods, like one-time-use codes or digital keys.

These kinds of advanced account security mechanisms have been used in the financial sector for a while now.

Faced with computer trojans that steal online banking credentials, many banks have started offering such enhanced protection to their customers.

Two-factor authentication began getting some mainstream use thanks to Google, which introduced it for its Google Accounts earlier this year.

Google, which also spearheaded mainstream adoption of default full-session HTTPS, opted for a combination of passwords with codes generated or received via phones.

The codes can be received via SMS, generated using special mobile applications, or communicated by voice over phone calls.

"We're also starting to introduce Two Factor Authentication, a new feature to help prevent unauthorized access to your account," announced Arturo Bejar, a director of engineering at Facebook.

"If you turn this new feature on, we'll ask you to enter a code anytime you try to log into Facebook from a new device. This additional security helps confirm that it's really you trying to log in," he explained.

Unfortunately, Mr. Bejar omitted to say how the codes will be generated, but phone-based methods seem most likely. It's also good that users will not be bothered with this additional step every time they log in, but only when they authenticate from a new device.

In addition to two-factor authentication, Facebook also improved its HTTPS implementation, which, due to the large amount of external content loaded into the website, was somewhat impractical for users.

The improvement is that users browsing Facebook over HTTPS will now be offered the option to switch back to HTTP only temporarily when attempting to use applications that don't support secure connections.