Facebook, in the month of May 2011 has added 2 new features to enhance the user safety and security.
Facebook's reaction to improve the security may be considered a little late, because a number of other big websites have implemented the same things several months ago.
Probably some of you have experiencing your Facebook account was hijacked and compromised by unresponsible people. Even you might forced to create a new account because the old one can not be accessed after hijacked.
However, although it is a bit late, at least it's better than nothing at all, isn't it?
Facebook Security Login Approvals
Login Approvals is a Facebook new security feature that aims to prevent someone hijacking your account or used by other people who are not responsible. When an unknown person is trying to log into your account, then Facebook will send you a confirmation code via text message to your registered mobile phone.
If that person can't enter a verification code correctly, then he can not log into your account (YES).
This is a major breakthrough for Facebook users to reduce the risk of account hijacking. So even if someone knows your username and password, he can not access your account without enter the verification code sent to your mobile phone correctly.
Setting Login Approvals
From the menu at the top of your Facebook,
Go to Account -> Account Settings -> Settings Tab -> Account Security
Click change in the Account Security and it will has the option to enable Login Approvals at the bottom as shown by the picture below.
Tick the checkbox and the screen overlay will appear contain a few instructions to activate the feature. Just follow several steps on screen overlay and you'll get this feature activated in few minutes.
Note that it might takes few minutes for a text message contain verification code to arrive on your mobile phone. After you enter the code, you'll have to give a name to the current computer you use to login to your account (you can name it anything) to make it whitelisted.
Andrew Song, Facebook Engineer said that Facebook is considering to merge the Login Approvals with other security verification features such as using specific security application or token as quoted below from the official Facebook blog :
One challenge in building login approvals was balancing security and usability. Similar features on other websites require you to download authentication apps or purchase physical tokens to act as your second factor. These are good approaches, and we're considering incorporating them in the future, but they require a lot from the user before being able to turn on the feature
Bad URL / Link Warning
This time Facebook is working together with Web of Trust (WOT), a security firm in Finland, to protect users from various malicious links. WOT collects millions of domains and URLs that suspicious or malicious (phishing, fraud, or contain malware) to be included in the black list based on the WOT community votes and reports.
When you click on a link, then WOT will scan the URL simultaneously whether it's in the black list. If the URL is found suspicious or malicious, you will get a warning message and suggestion not to continue visit that site. But if you want to continue and ignore the warning, just proceed with caution on your own risk.
"We are confident that WOT reputation ratings will make the Facebook experience safer for everyone. Our community has worked hard for years uncovering scams and threats, reporting bad customer service, dubious privacy practices and protecting kids from unsavory sites. Our cooperation with Facebook validates all the effort WOT users put into sharing information," says Vesa Perälä, CEO of WOT Services Ltd.
But many observers say that WOT system can still be gamed by groups of cyber crime which (of course) could reporting the legitimate websites as malicious and otherwise, voting (their) malicious web sites as legitimate. Even so, warnings on Facebook for any dangerous sites from WOT will further enhance the security and awareness of users in order to not visit them.