Facebook is introducing two new measures to beef up security: expanding HTTPS connections as an all-the-time option and using social captchas to authenticate users who have lost passwords. Let’s take these one at a time.
HTTPS is a secure connection (more secure than plain-vanilla HTTP connections), and Facebook already uses HTTPS when you log into an outside site through Facebook Connect and send your passwords back to Facebook. But now you will have the option to set HTTPS as the default connection for everything you do on Facebook itself. Pages will load slower over HTTPS, but you also won’t be vulnerable to people sniffing your password over WiFi using something like Firesheep. (Maybe Facebook should offer a “more secure” on/off button you could click every time you are not on a secure network at your home or office.) Some app developers will need to use a new “Secure Canvas URL” so that their apps can also be accessed over HTTPS.
The social captcha feature is pretty clever. It will replace regular captchas (those slightly warped letters you are asked to re-enter to prove you are human) with a picture of one of your friends. You will need to identify the person to authenticate yourself when you are trying to retrieve a lost password or when Facebook detects suspicious login activity on your account. You do know what all your “friends” look like, don’t you?