Current Issue
This Month's Print Issue

Follow Fast Company

We’ll come to you.

Facebook Intros Secure Connection, Social Captchas, but Is It Enough?

Facebook security measure

Facebook is the guardian of personal data on around one tenth of the human race, and it's always under fire for its lapse security. So it's trying to get really serious about the matter, with two big new features.

Now that Facebook's membership has surpassed 600 million souls, or roughly one in 10 people on the planet, it's probably about time to get a little serious about securing all that data from malicious hackers, malware writers, and other ne'erdo-wells. Facebook's pushing it as being a move in sync with this Friday's international "Data Privacy Day," which is a global "effort by governments, businesses and advocacy groups to raise awareness about the importance of staying in control of personal information."

Whichever way you look at it, Facebook's tightening of security is a good thing. They've added one-time passwords and remote logout powers previously, but the latest two security measures are really pretty serious.

HTTPS Secured connections

When you log in to your online banking service, or go to Amazon's checkout area, you'll notice the padlock icon in your browser—it's a sign that instead of browsing to plain old HTTP-connected web pages, with their open security and capability of being intercepted, you're now accessing a site over a HTTPS secure connection. Facebook uses this protocol very time you type in your password, as a way of protecting that data, but today it's expanding HTTPS security protocols to every page you access inside the social network.

But it's not automatic, and it's an opt-in setting that Facebook advises you to use if you "frequently use Facebook from public internet access points found at coffee shops, airports, libraries or schools." The reasons for this are that the encrypted Facebook sessions will load more slowly, and some third party applications inside Facebook will be incompatible with the needs of HTTPS.

Social Captchas

Facebook also notes it strives to "put people at the center of all of our products and to design every experience you have on the site to be social." With that thinking, it also wants to "bring the benefits of social design to experiences where you wouldn't traditionally expect them," and in this case it's making your account security more social too.

You're probably familiar with text-based Captcha codes, which require human eyeballs and thought processes to decode a disguised text phrase so that a machine-based hacking code can't crack a password entry point.

Facebook's been testing (and is now launching more widely) its own version, based on your social graph. When you try to login from now on you may find yourself faced with a gaggle of photos of a friend of yours, and then there'll be a question underneath that asks you "This appears to be:" and a list of your friends, with the right answer concealed among them. This will probably defeat "hackers halfway across the world," as Facebook notes, as they'll not know who your friends are. It likely won't defeat a malicious actual friend of yours—someone keen to get into your account and mess with you—but that's a different security problem.

To read more news on this, and similar stuff, keep up with my updates by following me, Kit Eaton, on Twitter.