The Facebook Blog

Facebook Page · RSS Feed

- More Ways to Stay Secure
  by Jake Brill on Tuesday, October 12, 2010 at 1:13pm
  Facebook provides a number of ways to help you protect yourself and your account, and today we are announcing new features to help make your experience on Facebook more secure.
  
  First, we're launching one-time passwords to make it safer to use public computers in places like hotels, cafes or airports. If you have any concerns about security of the computer you're using while accessing Facebook, we can text you a one-time password to use instead of your regular password.
  ...
  
  Simply text "otp" to 32665 on your mobile phone (U.S. only), and you'll immediately receive a password that can be used only once and expires in 20 minutes. In order to access this feature, you'll need a mobile phone number in your account. We're rolling this out gradually, and it should be available to everyone in the coming weeks.
  
  Second, the ability to sign out of Facebook remotely is now available to everyone. These session controls can be useful if you log into Facebook from a friend's phone or computer and then forget to sign out. From your Account Settings, you can check if you're still logged in on other devices and remotely log out.
  
  Under the Account Security section of your Account Settings page you'll see all of your active sessions, along with information about each session. In the unlikely event that someone accesses your account without your permission, you can also shut down the unauthorized login before resetting your password and taking other steps to secure your account and computer.
  
  Session controls page
  
  Lastly, when people log in to Facebook we will regularly prompt them to keep their security information updated. If you ever lose access to your account, having this information helps us verify who you are and get you back into your account quickly.
  
  You don't have to wait for us to prompt you; you can update your security information at any time from this page.
  
  Security information page
  
  We're always working to make your online experience more secure, and we encourage you to try these new features for yourself to help protect your account. For more security tips and updates, visit the Facebook Security Page at www.facebook.com/security.
  
  Jake, a product manager for Facebook's site integrity team, is locking it up.
  
  See More
- Topics: Security
- Like · Comment · Share
- Better Security through Software
  by Jake Brill on Tuesday, January 12, 2010 at 9:47pm
  One of the best defenses against security threats is a good offense, and we want to help you take the offensive by having the latest security software installed on your computer. Today, we are announcing a year-long partnership with McAfee to offer all 350 million people who use Facebook the ability to download a six-month subscription to McAfee security software at no cost, along with a special discount once the six months are over.
  
  You can take advantage of this offer by visiting the Protect Your PC tab on the McAfee Page on Facebook.
  
  We're... committed to doing everything we can to help you protect your account and make your experience on Facebook as safe and enjoyable as possible. We invest in dedicated teams and advanced technical systems that detect and block suspicious behavior. When we find a message with a link to a fake login page or other malicious website, we prevent it from being sent and delete all instances of it from the site. We also work with third parties to get malicious sites added to browser blacklists or removed completely.
  
  For the rare case in which an account is compromised, we've developed a unique process that requires the account owner to take steps to secure the account and learn security best practices. We've also incorporated custom McAfee software into this process for people identified as having infected computers. Now, if your computer is infected, you will be asked to run a scan like the one shown below and clean it before accessing Facebook. We're not aware of another free Internet service that takes this much responsibility for helping people keep their accounts secure.
  
  We have a lot of control over security measures on Facebook. However, we don't control other websites and services you visit that might infect your computer. For this reason, we recommend that you install updated security software, which you can now do at no cost through this partnership, and that you always follow these safe practices:
  Don't open attachments in emails that look suspicious or come from an unknown or untrustworthy source.
  
  Don't open attachments unless you know what they are, even if they're from friends.
  
  Delete chain mail and spam from your email and Facebook inboxes.
  
  Be cautious when downloading files from the Internet.
  
  Be cautious of any message, post or link you see on Facebook that looks suspicious, requires an additional login, or asks you to download or upgrade software.
  
  Use an up-to-date browser that features an anti-phishing blacklist. Some examples include Internet Explorer 8 and Firefox 3.0.10.
  
  Choose unique logins and passwords for each of the websites you use.
  
  Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.
  
  Become a fan of the Facebook Security Page to receive more tips, updates on the latest threats and other information to help you protect your computer and online accounts.
  
  Jake, a project manager for the site integrity team, is keeping his computer clean.
  See More
- Like · Comment · Share
- New Tools to Secure a Compromised Account
  by Jake Brill on Friday, July 17, 2009 at 10:24am
  In our continued battle against cyber criminals, one of the biggest challenges we face is helping people whose accounts have been compromised by spammers understand how it happened and how to fix the problem. The vast majority of people who use Facebook have never experienced a security problem. For the small number who do, knowing how to fight back is key.
  
  It can be an embarrassing experience to log in to Facebook to find that unauthorized messages have been sent from your account and then face questions from friends who have received spam from... you.
  
  We've spent the last few months improving the way to guide people through the process of regaining access to their account after it's been compromised and used to send spam. Currently, we send emails explaining what happened and provide links to remedy the situation. Now we're moving towards a new model that also involves clear and simple steps taken within Facebook itself. In doing so, we can ensure that the person logging in is the true owner of the account, thereby preventing hackers from using it to send spam in the future.
  
  Going forward, we'll continue to send a notification email to the tiny percentage of people whose Facebook accounts have been compromised. What's new is that when these people try to access the site, they'll first see a page explaining what happened, as shown below.
  
  Next, they'll go through a quick verification process to ensure that they're the legitimate owner of the account in question. Finally, we'll help them pick a new, secure password and refer them to the Facebook Security Page, which includes helpful tips and information on how to be safe on Facebook and across the Internet.
  
  This new change will help us not only fight spam, but also spread the word about security on Facebook. In the coming months, we'll be rolling out similar processes to address the different threats people may face. Our teams are working hard to make sure you never experience a security issue on Facebook, and in the rare case that you do, we're committed to making the process of regaining control of your account easy and informative.
  
  Jake, a project manager for the site integrity team, hates spam but loves bacon.
  See More
- Topics: Spam, Security
- Like · Comment · Share