Facebook announced several security enhancements last week including a new two-factor authentication system and a partnership with a service that can help users avoid clicking on risky or malicious links.
With the optional new Login Approvals service, users will be required to enter an additional code, sent to them via text message, when logging in from a new or unrecognized computer or device. Once the code is entered, users then have the option to save the device to their account so that it no longer requires additional authentication, according to a Facebook blog announcing the new measures.
Users will also see when attempts have been made to access their account from an unrecognized device, but no code was entered, according to the post. If users don’t recognize the login attempt, they’ll be able to change their password “with the knowledge that while someone else may have known [the] login credentials, he or she was unable to access your account.” Login Approvals can be enabled through the “Account Security” section of the account settings page, according to the post.
One aim of the new service was to balance security and usability, according to a separate Facebook blog post. Two-factor authentication sometimes requires users to download applications or to purchase physical tokens, it states. “These are good approaches, and we're considering incorporating them in the future, but they require a lot from the user before being able to turn on the feature. To have the biggest impact and provide this added security to the most people, we decided on SMS.”