Facebook’s Suspicious Login Tracking
This is kind of old news, but I’ve only recently become acquainted with Facebook’s tracking of suspicious logins. If you only use a couple of devices, or haven’t traveled around much, you may not have come across these recent security additions to the authentication mechanism.
When logging in to Facebook, the site looks up the last location you logged in from (by geolocating the IP address), and compares it to a list of ‘known’ locations. If the location the user is logging in from is beyond a certain ‘distance threshold’ from the known locations, the user will be challenged. There are two types of challenges that can be chosen; the first is to recognise friends based on their picture (a solution I find both elegant and effective); the second is to answer a pre-set security question. If the user fails both of these challenges (I did… go figure), they have to wait an hour before trying again.
The next time you successfully log in, you will be alerted to any recent suspicious login attempts, complete with a geolocated map of that attempt’s location (see screenshot).
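The flow described above (distance check against known locations, challenge, one-hour lockout, alert at the next successful login) can be sketched as follows. This is an added illustration, not Facebook’s code: the threshold value, the function and field names, the account-wide lockout and the rule that a passed challenge makes a location ‘known’ are all assumptions, and the IP geolocation lookup is represented by an already-resolved (lat, lon) pair.

```python
import math
from dataclasses import dataclass, field

THRESHOLD_KM = 500.0     # assumed value; the post does not state the real threshold
LOCKOUT_SECONDS = 3600   # "wait an hour before trying again"

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

@dataclass
class Account:
    known_locations: list          # (lat, lon) of previously accepted logins
    locked_until: float = 0.0
    pending_alerts: list = field(default_factory=list)

def login(acct, location, now, challenges=None):
    """Evaluate a login that has already passed the password check.

    location:   (lat, lon) returned by an IP-geolocation lookup (not done here).
    challenges: None if no challenge was answered yet, else one boolean per
                challenge attempted (friend photos, security question).
    Returns (decision, alerts_to_show_the_owner).
    """
    if now < acct.locked_until:    # assumption: the lockout is account-wide
        return "locked", []
    # With no known locations every login counts as distant (default=inf).
    nearest = min((haversine_km(location, k) for k in acct.known_locations),
                  default=math.inf)
    if nearest > THRESHOLD_KM:
        if challenges is None:
            return "challenge", []
        if not any(challenges):
            # Every challenge failed: lock out, and keep the attempt so the
            # owner sees it (with its location) at the next successful login.
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.pending_alerts.append({"location": location, "time": now})
            return "locked", []
        acct.known_locations.append(location)   # assumption: now a known location
    alerts, acct.pending_alerts = acct.pending_alerts, []
    return "ok", alerts
```

Because the decision rests entirely on where the IP address geolocates, a mislocated address produces a false challenge and a nearby attacker produces none, which is why the browser and OS of a session are worth checking as well.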
This feature has been added to Facebook’s authentication mechanism, and is thus on by default for all accounts. There is another feature however, that is not on by default, but is also interesting. You can set Facebook to notify you whenever a new computer or mobile device is used to log in to your account. This setting is found under Account Settings -> Account Security -> Login Notifications.
Thought this would be of interest to anyone looking to further secure their use of Facebook. Check out their full blog post about these features.








The same thing just happened to my FB account, and I’ve followed the steps so far until reaching the geolocation map of the suspicious IP that attempted to log in.
I have clicked the “I don’t recognize” button multiple times but I get no response at all, it’s like the page just hangs. Is it supposed to take that long? I’ve waited over 5 minutes for the next page/step to display, but nothing. What gives??
Hi Raul,
This definitely isn’t normal. The page should refresh almost instantly. You may want to consider contacting Facebook security if you are still not able to complete the process.
In any case, I recommend going into your Account Settings > Account Security, ending all other active sessions, and changing your password.
I just recently had a suspicious login activity from Hanoi, Vietnam! I live in California. When I logged in, they showed me the map of that suspicious location, and I then changed my password. Does this mean that someone successfully logged into my Facebook from that distant location, or does it just mean that they attempted?
Is it also necessary to change my password? I liked my old password. If someone did know my password, the only significant personal info they would have is my email and birthdate.
Hi Kobe,
I think in your case it was just an attempted login. If it was a successful login, you wouldn’t have known, unless you had Login Notifications turned on, in which case it would’ve just told you.
It probably wasn’t strictly necessary to change your password, although with anything relating to account logins and credentials, it never hurts to change your password (hopefully to something more secure – ie. not your birthdate ;). People get far too attached to passwords they ‘like’.
Hope this helps!
Thanks for the response SJ. I turned on my login notifications now.
Do you have any idea as to how this person found my account? Or is this just a random act? I find the particular suspicious location very interesting since I am Vietnamese but I was born here in California…
The last 4 days I have changed my password over 5 times because of this, I also changed my email address, this thing is driving me crazy. I get this message almost every time I login. So what to do now? Is someone trying to access my account or do I have problems with my PC? The logins were in periods of the day I wasn’t trying to access. Is it possible to have your password stolen not even 12 hours after changing it??? I don’t get it. I have logged in only from my comp. And the other question is, if someone is really trying to access my account, how did they get to my email address? Nobody knows it. I changed it yesterday from my home PC. What can I do??
Hi lady32,
Getting a notification each time you login is strange. Only reason I can think is because you could be coming from a different IP each time? Probably not if you’re on ADSL. If you’re getting notifications even when you’re not trying to login, and after having changed your password, you could potentially have some malware that’s stealing your email/password.
Try changing your password on another trusted computer (hopefully clean), and don’t login on your usual computer. Wait a couple days and see if the suspicious logins continue. If they don’t, you could have an issue on your computer. You can also try contacting Facebook to see if their security team can help.
Hope this helps!
Thank you very much for answering so quickly.
Every time I have changed password or email I did it from my home PC. I don’t know, actually this started to happen after I formatted it (is this the word). I made a general scan from ESET Smart Security (from the one installed on my PC and online). Nothing. I think the problem is that my account doesn’t recognize a known location from me. The thing is, I get it almost every time I login, “u are trying to access from a location we’re not familiar with”. So OK, maybe it’s the IP change, but what about the logins in times of the day I haven’t even tried? Is this time thing absolutely correct? Ah and please how can I contact Facebook if this situation goes on? Thanks again
It is indeed unusual that you’re getting login notifications even when you’re not trying. Like I said, you can try using another machine for a few days and see if that changes anything. Contacting Facebook security isn’t easy… but I recommend looking around on their security pages: http://www.facebook.com/security#!/security?v=wall
Someone tried to hack mine for the third time and this time they were busted cause I turn on the safety feature
I logged in to find someone had attempted to access my account from another unknown computer. It showed me a map and it turned out to be someone known to me. I need to get back to the page that shows the location of the IP address. Is this possible and if so how?
Hi Andrew,
I’m not sure you can get back to that suspicious login page. The only other page that is useful is the Active Sessions page: https://www.facebook.com/settings?tab=security&section=sessions&t
Hope this helps.
Thanks, that shows the current Sessions location. The unknown user did not manage to login but made an attempt. Thank you for your quick reply.
Andrew Dolan
So, will I see the message about attempted access to my account from an unknown computer (with the map) if they type in my email and a wrong password once or do they actually have to get beyond the email and password portion of the login. Also, will facebook let me know if someone tries repeatedly to login with the correct email and wrong password?
Hi Marco,
I believe you will get the ‘suspicious login’ page with the map only if they successfully log in. I don’t think you’ll see that page if someone is trying incorrect passwords for your account. If you do see that page and you don’t recognise the login (ie. you were on holiday somewhere at the time), I recommend changing your Facebook password. Make sure you choose a strong password! :)
SJ– Thanks! I appreciate the info. I haven’t seen the map with the suspicious login but my wife had that come up once shortly after she added the notification choice to her settings. Needless to say, she changed her password. Sad that people have time to try and hack into someone else’s facebook account.
Marco. I had this happen today. I looked at the map given to me, and the location of the person who tried to log in as me is in my state, in fact not far from my current home location. This is relevant because my laptop was stolen in a burglary 2 weeks ago. So you might know the answer to my question, maybe not, but I’ll ask anyway. The Facebook security feature uses Geolocation to map the log-in attempt, which I understand is not very accurate, however, I believe the person trying to log-in is trying to do so from my stolen laptop, which would make it reasonable to believe that the location given to me is accurate (in my state and barely a city over) Could this position on the map Facebook is giving me be the correct general location?
Hi Jason,
To be more accurate, it’s not strictly geolocation that Facebook is doing, inasmuch that it doesn’t actually use GPS or WiFi location. It’s determining the user’s location based on their IP address, which means that in many cases it’s a rough estimate. That said, these days IP address locations can be very accurate, and most will at least point to the correct city. There are exceptions to this rule where you find that your IP address actually points to a town nearby (which might be where your ISP is situated).
Unfortunately, Facebook doesn’t divulge the suspicious IP, so you can’t follow up on it. In your case, I would assume the location is correct and go from there. You can try contacting Facebook to obtain the suspicious IP, but not sure whether they’ll divulge that information (even though it was accessing your account).
Best of luck!
SJ
Is there a way to track who has been logging into my FB account? Almost daily, in my security settings/“active session” notations, it indicates an iPhone user has logged onto my account. I do not have an iPhone. I end the session, of course, but they eventually log back in. I have changed my password and cannot imagine who is accessing my account. I’ve registered my cell phone and home computer as identified “known devices” along with “login notifications” being enabled. I have never been contacted when this unknown device accesses my account, I just see it listed as an “active session”. Besides initiating the “log in approval” option, is there a way to find out the identity of the iPhone owner??…I would love to figure out who this person is!!
How about mobile? Sometimes I notice there’s a suspicious location getting through my account using iPhone. I’m using iPhone too. Is it because of router IP?
Hi. I have an issue that my facebook status shows me to be in a totally different state. I have followed the facebook security procedure to delete the location from my security active sessions and I have changed my password but still when I post a status it shows me to be in a different state. I have repeated the procedure several times but still I am logged in a session from a different state. Can you advise me how to disconnect from the offensive location and get back to where I should be? Thanks!
Hi Denice,
This is not entirely uncommon. Sometimes the IP address provided by your ISP (for whatever reason), is actually associated with a different location. Either that or the GeoLocation database that Facebook are using doesn’t have the correct location.
You’ve taken all the correct steps so I doubt anything suspicious is going on. I can only suggest to contact Facebook about it if you’re still worried.
Having issues with my Facebook DROID. Saying I am active in a different state, sometimes as many as 3I states. I’m not anywhere near there. I have taken the necessary steps to stop the sessions. Does it mean they got in or not?
Ok, so my little sister doesn’t have the best sense when it comes to things but she actually told me about her trying to hack her ex-girlfriend’s Facebook. Not sure why she told me, but she did and now I’m worried she’s going to get caught/face charges.
She said she knew the ex’s e-mail address but not the password to the e-mail account or her Facebook. She attempted to do the reset FB password by saying she no longer had access to the addresses on file. She typed in a new e-mail account and it asked for a new password but I guess it never actually reset? She said it brought up the security questions and she ended up answering them correctly right (I have no idea how she got this info) but she said never got an e-mail at the new address and it never actually went through with changing her password so basically she never had a successful login? She didn’t use those words but she did say she never actually got in the account.
So, I’m wondering..is her poor ex getting all kinds of notifications that someone TRIED to login to her account and it failed or would she have only gotten a notification had my sister actually gotten into the account successfully? I’ve pretty much given her hell about this situation and how wrong it was, but am trying to figure out how deep the mess actually is. Thanks in advance for feedback.
Hi, is there a way to view the history of the failed geolocated attempts after a successful login? I got that screen but didn’t think much of it coz it was probably a glitch but then I found out someone’s trying to get inside my Twitter too so I’m thinking it’s the same person and I want to find out who. Thanks
When I’m logged in to Facebook on my iPhone through WiFi which is a static IP address, on my active sessions it tells me each time I have accessed it even though the IP address hasn’t changed and I haven’t logged in or out on my device, I have only accessed it from my app which is permanently logged in, so why does it keep saying I’ve logged in?
How do I delete the time I was last active in my mobile messenger app?
Everyone keeps dismissing the change in locations of logins and just waves it away saying it’s just IP address or location services a bit off. But even if it is, and it’s not people in a different state on the other side of the continent, then what’s the actual point of it all if it’s not accurate? Because in the end, I don’t know who or where the login originated. So it could be hackers, or it could be just us
Most of the time it is actually fairly accurate. One giveaway to keep an eye on is the browser and OS that the suspicious login is using. If you only use Macs or iOS devices and the login is from a Windows device, then chances are there’s something suspicious going on.
Hi – how long does Facebook keep a list of the active sessions it shows? Does it clear it at some time? Is there a way for it to not log where your last session was so someone else who logs into your account can see where you were?