Suspicious login notifications now available

May 14, 2010 14:56 GMT

Facebook users can now register the browsers they regularly use to log in and choose to be alerted when their account is accessed from somewhere else. In case of suspicious activity, additional security questions must be answered, after which recent logins can be reviewed.

"Over the last few weeks, we've been testing a new feature that allows you to approve the devices you commonly use to log in and then to be notified whenever your account is accessed from a device you haven't approved. This feature is now available to everyone," Lev Popov, a Facebook software engineer, announces on the company's official blog.

The new option to receive such notifications can be found in the Account Security section of the Account Settings page. Once it is activated, the site asks users at login to name the "devices" they are using and gives them the option to have those devices remembered and automatically approved for future sessions. When a new device is added this way, Facebook sends out an e-mail and, optionally, an SMS notification.

What Facebook calls devices are actually browser installations because, as far as we can tell, the system works by installing special cookies. In our tests, attempting to log in from a different browser installed on the same computer will still trigger the device name prompt. This is also true for different installations of the same browser, such as a local and a portable one.
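The behavior observed above can be modeled with a signed per-browser cookie. The following is an added sketch, not Facebook's code: the class, the cookie format (`device_id.signature`) and the status strings are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class DeviceRegistry:
    """Hypothetical server-side model: one signed cookie per approved browser."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # assumed signing key
        self._approved = {}  # user -> {device_id: device_name}
        self.outbox = []     # stand-in for the e-mail/SMS notifications

    def _sign(self, user, device_id):
        msg = f"{user}|{device_id}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _known(self, user, cookie):
        # Accept only an untampered cookie bound to this user and still approved.
        if not cookie or cookie.count(".") != 1:
            return False
        device_id, sig = cookie.split(".")
        expected = self._sign(user, device_id)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return False
        return device_id in self._approved.get(user, {})

    def login(self, user, cookie=None, device_name=None, remember=False):
        """Called after the password check; returns (status, cookie_to_set)."""
        if self._known(user, cookie):
            return "approved", cookie
        if device_name is None:
            return "prompt_device_name", None  # unknown browser: ask for a name
        self.outbox.append((user, f"New device added: {device_name}"))
        if not remember:
            return "approved_once", None
        device_id = secrets.token_hex(16)
        self._approved.setdefault(user, {})[device_id] = device_name
        return "approved", f"{device_id}.{self._sign(user, device_id)}"


if __name__ == "__main__":
    reg = DeviceRegistry()
    print(reg.login("alice"))                       # first browser, no cookie
    _, jar_a = reg.login("alice", device_name="Home Firefox", remember=True)
    print(reg.login("alice", cookie=jar_a)[0])      # same browser again
    print(reg.login("alice", cookie=None)[0])       # second browser, empty jar
    print(reg.outbox)
```

Because the approval lives in each browser's own cookie jar, a second browser on the same computer presents no cookie and is prompted again, which matches the tests described above.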

A secondary account security feature introduced by the number one social networking site involves blocking suspicious logins. "When we see that someone is trying to access your account from an unusual device, we'll ask the person to answer an additional verification question to prove his or her identity as the real account owner. For example, we might ask the person to enter a birth date, identify a friend in a photo or answer a security question if you've previously provided one," Mr. Popov explains.

Unfortunately, it's not clear to us what Facebook means by an "unusual device" or what exactly triggers this additional verification process. One thing's clear, though: once the identity of the account owner is verified, they have the option to review recent logins and decide if a password reset is in order.

It's good to see that Facebook is doing something for security-conscious users, who would like to know right away if their accounts were possibly compromised. Stolen Facebook accounts are used as merchandise on the underground market because they are valuable to spammers and malware distributors.

Photo gallery (3 images): Unrecognized login device prompt; Additional login verification triggered by suspicious activity; Facebook allows users to be notified about suspicious logins.