At Facebook, we're constantly working on new ways to protect you from scams and help you keep your account and information secure. Today, we're announcing some new tools and systems designed to keep the bad guys out and keep you abreast of suspicious activity so you can quickly take action to correct it.
We've always devoted significant time and effort to security. We've built technical systems that operate behind the scenes to quickly detect and block suspicious behavior, delete phony posts and messages, and return compromised accounts to... their rightful owners. Most of these systems are invisible to the average person who uses Facebook. Very few people will ever experience a security issue on Facebook, which means that most of you have probably never noticed these systems at work. Rest assured that these systems are there, though, protecting you and your friends.
Over the last few weeks, we've been testing a new feature that allows you to approve the devices you commonly use to log in and then to be notified whenever your account is accessed from a device you haven't approved. This feature is now available to everyone.
To try it out, go to the Account Settings page and click on the link next to "Account Security" at the bottom of the page. If you select the option to receive notifications for logins from new devices, when you log in, you'll be asked to name and save the various devices you use to access Facebook.
For example, you can save your home computer, your school or work computer, and your mobile phone. Once you've done this, whenever someone logs in to your account from a device not on this list, we'll ask the person to name the device.
We'll also send you an immediate email notification - and if you want, a text message - so that you're always up to speed on how your account is being accessed. This notification will provide steps on how to reset your password and remove the device, so you can quickly secure your account if it's being accessed from a device you don't recognize.
We're not aware of any other service that does this, and we encourage you to try it out.
Blocking Suspicious Logins
We've also built a new system to block suspicious logins before they happen. When we see that someone is trying to access your account from an unusual device, we'll ask the person to answer an additional verification question to prove his or her identity as the real account owner. For example, we might ask the person to enter a birth date, identify a friend in a photo or answer a security question if you've previously provided one. These questions are designed to be easy for you, and hard for a bad guy, and we've already seen some great results.
Once you've confirmed your identity, you'll have the opportunity to review recent logins on your account and reset your password if you see logins that you don't recognize.
You won't go through this flow often. We'll only ask you to prove your identity on the rare occasion that we notice something different. If you're ever asked to go through this flow, that's just Facebook's site integrity team saying "Hi" and that we're here to help you protect your account.
We're confident that these new tools and systems will do a lot to prevent unauthorized logins and the nuisance they can cause. As always, though, the first line of defense is you. We need you to help by practicing safe behavior on Facebook and wherever you go online.
Be careful where you enter your password, and don't download suspicious-looking software. We've posted more tips and information on how to be safe on our Facebook Security Page, so check it out and "Like" it for ongoing updates.
Lev Popov, a software engineer on Facebook's site integrity team, is keeping track of his Facebook logins.