Facebook Hackers from the Future!
I got this email from Facebook today, and apparently my account was accessed on an iPhone by someone in the future! OMG HAX.
Either today is the day I successfully complete my time machine (made exclusively from broken pieces of the Large Hadron Collider) – or hackers in the future are wreaking havoc in my account, and there’s nothing I can do about it! At least Facebook were kind enough to notify me…
In reality this is happening because I’m in GMT+11 and Facebook’s servers in San Francisco are in GMT-8, making for an awesome 19-hour time difference. Unfortunately this makes my story far more mundane, so I’m sticking with hax0rs from the future. I think the guys at Facebook may want to disambiguate this email somewhat by putting in the date/time in UTC.
If you too want to be notified when there are unexpected logins to your Facebook account, check out my post on Facebook’s Suspicious Login Tracking.
Facebook’s Suspicious Login Tracking
This is kind of old news, but I’ve only recently become acquainted with Facebook’s tracking of suspicious logins. If you only use a couple of devices, or haven’t traveled around much, you may not have seen come across these recent security additions to the authentication mechanism.
When logging in to Facebook, the site looks up the last location you logged in from (by geolocating the IP address), and compares it to a list of ‘known’ locations. If the location the user is logging in from is beyond a certain ‘distance threshold’ from the known locations, the user will be challenged. There are two types of challenges that can be chosen; the first is to recognise friends based on their picture (a solution I find both elegant and effective); the second is to answer a pre-set security question. If the user fails both of these challenges (I did… go figure), they have to wait an hour before trying again.
The next time you successfully log in, you will be alerted to any recent suspicious login attempts, complete with a geolocated map of that attempt’s location (see screenshot).
This feature has been added to Facebook’s authentication mechanism, and is thus on by default for all accounts. There is another feature however, that is not on by default, but is also interesting. You can set Facebook to notify you whenever a new computer or mobile device is used to log in to your account. This setting is found under Account Settings -> Account Security -> Login Notifications.
Thought this would be of interest to anyone looking to further secure their use of Facebook. Check out their full blog post about these features.