As part of National Cyber Security Awareness Month, Facebook has begun the rollout of two new security features to help users regain access to their accounts if they’re locked out and let them access third-party applications safely. Trusted Friends lets locked out users have an access code sent to their close friends. App Passwords lets users bypass the Login Approvals security feature that doesn’t work with some apps by using a unique app-specific password.
Facebook users can sometimes be locked out of their accounts by Facebook’s automated security systems that occasionally produce false positives, as well as by hackers. Users who know about these new features and take the time to enable them will benefit from a reduced chance of being blocked from their account. This will help Facebook reduce the number of horror stories about users losing access to their account for days or weeks, which can permanently hurt users’ perception of the service and lead people to rail against Facebook to their friends.
Trusted Friends builds on Facebook’s Social Authentication security feature that lets users regain access to their accounts by identifying friends in photos — something very difficult for a hacker to do. Facebook likens Trusted Friends to “giving a house key to your friends when you go on vacation”. If users lose their own key (password) as well access to their email account to which a forgotten or lost password could be sent, a friend can unlock their account for them.
To enable Trusted Friends, users will select three to five of their closest friends who’d be willing to help and wouldn’t abuse the ability to access their account. If a user is then locked out, they can then have an access code sent to these friends, who then share it with them in person, or via an electronic means other than Facebook. The locked out user can submit the code to unlock their account.
In some cases Social Authentication can prove to difficult for users to complete, especially if the photos shown are of a friend when they were younger, or of a weak acquaintance such as someone met through social games. Facebook has improved the feature over time to only ask users to identify photos that clearly display a face of a friend they frequently interact with. Still, false positives have occurred and legitimate account owners have been be denied access. Now if this happens, Facebook can use Trusted Friends, if enabled, to prevent sustained account lockout.
Facebook implemented a security feature earlier this year called Login Approvals that when enabled requires users to enter a security code texted to their phone whenever they login to Facebook or a third-party app. However, some types of apps using atypical interfaces, such as Xbox, Spotify, and Skype don’t properly generate the code entry dialog. This can cause users with Login Approvals enabled to be denied access to these third-party apps.
To solve this problem, Facebook has created App Passwords. Rather than entering their primary Facebook password alongside their email address, they can enter a unique App Password instead to effectively turn off Login Approvals for that app. Users can visit the Account Settings -> Security tab and enter the name of an app generate a unique password for it.
While App Passwords are only necessary for a the small percentage of people who both use Login Approvals and some special apps, Trusted Friends can help all users. Facebook should run an awareness campaign for the feature finishes being rolled out. That way it can continue aggressively protecting the site from hackers but reduce the risk of users enduring the nightmare of being blocked from the social network that’s one of their core communication mediums.