Facebook’s Suspicious Login Tracking

This is kind of old news, but I’ve only recently become acquainted with Facebook’s tracking of suspicious logins. If you only use a couple of devices, or haven’t traveled around much, you may not have seen come across these recent security additions to the authentication mechanism.

When logging in to Facebook, the site looks up the last location you logged in from (by geolocating the IP address), and compares it to a list of ‘known’ locations. If the location the user is logging in from is beyond a certain ‘distance threshold’ from the known locations, the user will be challenged. There are two types of challenges that can be chosen; the first is to recognise friends based on their picture (a solution I find both elegant and effective); the second is to answer a pre-set security question. If the user fails both of these challenges (I did… go figure), they have to wait an hour before trying again.

The next time you successfully log in, you will be alerted to any recent suspicious login attempts, complete with a geolocated map of that attempt’s location (see screenshot).

This feature has been added to Facebook’s authentication mechanism, and is thus on by default for all accounts. There is another feature however, that is not on by default, but is also interesting. You can set Facebook to notify you whenever a new computer or mobile device is used to log in to your account. This setting is found under Account Settings -> Account Security -> Login Notifications.

Thought this would be of interest to anyone looking to further secure their use of Facebook. Check out their full blog post about these features.

Related:

• Facebook Introduces One-time Passwords and Remote Log-out

• Insecurity: Bad Secret Questions and Information Disclosure