Facebook Officially Introduces Two-Factor Authentication

Facebook has officially launched a two-factor authentication feature dubbed Login Approvals aimed at protecting user accounts even in the case of login compromise.

Multi-factor authentication systems combine user passwords with additional verification methods in order to ensure the user's identity.

Such mechanism have been commonly used in the financial sector where the secondary code is generated by a hardware token in the user's possession or on their mobile phone.

Facebook's Login Approvals requires users to associate a phone number with their account and sends the authentication code to it when needed.

The feature kicks in only when users attempt to login from a device that hasn't been used before on the account.

This helps users protect their account from abuse even if hackers manage to steal their login credentials through phishing, malware infection or other ways.methods.

"If we ever see a login from an unrecognized device, you'll be notified upon your next login and asked to verify the attempted account access.

"If you don’t recognize this login, you'll be able to change your password with the knowledge that while some one else may have known your login credentials, they were unable to access your account and cause any harm," Facebook explains.

In case people lose or forget their phone, they will still be able to access their account from a device that has already been flagged as trusted.

The feature does raise some privacy concerns because it requires users to share their phone number with Facebook, a company that doesn't have a great track record when it comes to keeping information private.

Earlier this year Facebook outlined plans to allow apps to access people's home address and phone numbers, a feature which the company is still working on.

"It's a pity Facebook isn't offering an option to let you enable 2FA [two-factor authentication] every time you login. It would be even nicer if they added a token-based option (and they'd be welcome to charge a reasonable amount for the token) for the more security-conscious user," says Paul Ducklin, head of technology for the Asia Pacific region at antivirus vendor Sophos.