Facebook has implemented a new security feature called Account Protection which informs users of how secure their account is. The feature is displayed in a new sidebar module and as a status bar at the bottom of the “Update Your Security Information” page which debuted last month. Users with a “very low” protection status are prompted to verify additional email addresses to prevent identity spoofing, connect their mobile phone to Facebook as an additional account retrieval tool, and add a security question for account owner verification.
These three security information questions which are tabulated in the new status bar were added last month to help protect users from being locked out of their account by scammers, malicious friends, or by accident. Other recently implemented security features include one-time passwords, remote log out of active sessions, notifications and a log of new devices used to access a user’s account, and friend request spam prevention.
An aggressive security feature which forces users to identify friends by their profile pictures to log-in resulted in many rightful owners being locked out of their accounts. Many of these users could have quickly regained access had they activated additional retrieval methods, which may have pushed Facebook to release this new Account Protection feature.
Users with a “very low” protection status may see an Account Protection sidebar module while browsing Places or other in-house apps. The module displays a user’s protection status and provides a link to “Increase protection”.
When followed, users are brought to the “Update Your Security Information” wizard, which has been broken down into a three-step flow. At the bottom of the wizard, users see an “Overall Protection” status bar, which fills as they complete the steps of the flow. Clicking the question mark next to the bar pops up a prompt showing actions left to be taken to “Strengthen Your Security” and “reach a ‘High’ Account Control level'”.
Facebook should be commended for using unambiguous security questions like “What street did you live on when you were 8?” opposed to vague questions like “What street did you grow up on?” which are commonly used by other web services. Some might worry about Facebook spamming users through their additional email addresses or mobile phone, but Facebook won’t contact users through these mediums unless explicitly requested.
Similar to Facebook Impact, Facebook chose to use terminology and visual cues similar those in social games to encourage user action. Getting users to activate additional retrieval methods prevents them from having the awful experience of being locked out of their account for months, and reduces the strain on Facebook technical support caused by these disgruntled users.