(GMANews) Social networking site Facebook has integrated a new optional login feature that uses mobile phones, in answer to its users’ recent security concerns.
According to Facebook engineering intern Andrew Song, the new feature, called “Login Approvals,” requires the user to enter a code that Facebook sends to his/her mobile phone upon login. In a note posted on his Facebook profile, Song writes that Login Approvals is a two-factor authentication system that prompts the user to enter a code sent to his/her mobile phone whenever he/she logs in to Facebook from a new or unrecognized device. Once the security code is entered, the user has the option of saving the device he/she logged in from in order to avoid seeing the notification again.
Song adds that if a login from an unrecognized device is detected, the user will be notified upon the next login and asked to verify the account activity. If the user determines that the unrecognized login was not his/her own, he/she can change the account password to prevent someone from logging in to it again.
Users who have enabled Login Approvals but have lost or forgotten their phone may still authorize their logins, provided they do so from a saved and recognized device. This prevents lockout and ensures that the user can regain access to his/her profile.
“One challenge in building login approvals was balancing security and usability,” says Song. “Similar features on other websites require you to download authentication apps or purchase physical tokens to act as your second factor. These are good approaches, and we’re considering incorporating them in the future, but they require a lot from the user before being able to turn on the feature. To have the biggest impact and provide this added security to the most people, we decided on SMS as the best choice for a second factor. That’s a big part of the culture here at Facebook, whether you’re an intern or an old hand: focus on impact.”
The new Login Approvals feature can be enabled in the Account Security section of an account’s Settings page.