Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Internet Storm Center Diary 2011-05-22 InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Facebook goes two-factor

Published: 2011-05-22
Last Updated: 2011-05-22 19:34:37 UTC
by Kevin Shortt (Version: 1)
6 comment(s)

Facebook is now offering a new feature called "Login Approvals".   I call it part-time two-factor authentication mechanism.  Andrew Song of Facebook states:  "Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer." [1]

I have downgraded it to "part-time" because once you have approved the browser instance you are using to login to daily, it does not require execution of the second authentication until you have removed it from the list.  I clarify "browser" because you will be forced to re-auth from a different browser.  

On the upside however, it is an easy and ubiquitous solution that many people are inclined to incorporate in order to protect their Facebook account.  "Login Approvals" can be turned on in the "Account Security" section on the Settings tab of your Facebook Account Settings.


Kevin Shortt
ISC Handler on Duty

6 comment(s)
Diary Archives