Facebook is finally rolling out 2-Factor Authentication (2FA) rules for some of its highest-risk accounts.
It’s a smart move, protecting respected Facebook users, especially those seen to be responsible and accurate information – think journalists, politicians, celebrities, and you get the idea. Someone is gaining access to one of these accounts and pretending it could have widespread, harmful effects. The company made the announcement Thursday while pre-briefinging some journalists and then directing them to the full story. wired,
I wonder why it took so long?
Stories of people in all stations of life whose important accounts have been hacked are all too common. I usually find out when someone sends me a separate email or text saying, “Help! I’ve been hacked!” What’s worse is when they don’t know and I see strange activity on their Facebook account and send a private note via other channels: “Hey, I think your Facebook has been hacked.”
2-factor authentication is a simple idea that very few people adopt because they see it as annoying or overly complicated. Simply put, whenever you log into a system, you have to prove through a secondary device or system that it’s really you, which gives you a way to apply to that first system. can provide code.
Some 2FA systems use SMS text to your phone (or voice call), others use proprietary hardware that spit out unique, time-sensitive codes that are also entered into the original system.
For most people, the primary device that handles 2FA is their smartphone. Most security system managers agree that if you have your phone with the SIM and the unique phone number on it, that’s as good as it needs to be to get it for verification. Put another way, how likely is it that someone is trying to access your email and maybe even your phone with the password you found on the dark web to log into your Facebook?
Inside Facebook Protect: What’s New?
The system in question, known as Facebook Protect, was originally designed as an opt-in for political figures. In addition to 2FA, there is a page publishing authentication system to ensure that no one publishes objectionable content on candidate pages, and requires that page managers use real names.
The new plan takes Facebook Protect further, in that Facebook actively identifies at-risk users or groups of users and targets them to enroll in Facebook Protect. Personally, I’d like Facebook to follow Google’s plan and require 2FA for all users.
It’s not a perfect system, and there are reports of phone scammers convincing unsuspecting service users (banks, cryptocurrency wallets, Venmo, PayPal, and other accounts that use 2FA) to share 2FA SMS codes. Still, it’s better than a single, poorly crafted password, or being passed around like so much gossip on the dark web.
Facebook’s plan, which seems small and almost temporary, may still be a harsh wake-up call for at-risk users who missed the memo and, after ignoring several prompts to enable 2FA, find themselves on their own accounts. can lock with.
However, as Facebook’s security policy chief Nathaniel Gleicher told me via twitter that “the number of warnings will vary by country/context — we’re making adjustments to make sure people have the time they need. So far, we’ve seen that the overwhelming majority (90%+) Enroll on time.”
Being locked out of Facebook will not be a good situation. But it’s definitely better than a hacker or prankster posting things in your account that nobody wants to see.