Facebook Rolling out New Security Features

NEW YORK, KOMPAS.com – Facebook's millions of users are a lucrative target for Internet criminals looking to steal passwords and more. To combat malicious attacks, phishing scams and spam, the online social network is rolling out new security features.

You can ask to be notified by e-mail or text message when your account is accessed from a computer or mobile device you haven't used before. The log-in attempt may be legitimate when you're traveling, but if you haven't left home in a week, you probably ought to change your password.

Facebook is also adding roadblocks when it notices unusual activity, such as simultaneous log-ins from opposite sides of the planet. For example, you might be shown a photo with your friends tagged, and be asked to correctly identify who they are before the second log-in goes through.

Users will also be able to check where the latest log-ins have come from. This is similar to a feature Google Inc. offers on its Gmail service, where users can view the date, time and location of the most recent log-ins to their account. Gmail also states whether the account is open on another computer at the same time.

Some of these changes are already available, while others are still being tested and will launch over the next few weeks. Facebook typically rolls out changes over several days, if not weeks, so not all users will see them at the same time.

The new features come as Facebook faces growing criticism over the way it handles users' privacy. It has been pushing them to share more about themselves with one another and with the outside world. The security upgrade is a sign the company is working to keep its users' trust in the way it handles the private data they post, even as it fends of complaints from privacy advocates, users and politicians.

Hemanshu Nigam, former chief security officer at Facebook rival MySpace, said Facebook has many incentives to be mindful of privacy complaints.

"A little thing like this can turn into a big thing, and could turn into an advertiser saying, 'Well, I can take my dollars elsewhere,'" said Nigam, who now runs online security firm SSP Blue but still consults for MySpace. "The moment a lawsuit or government investigation begins, advertisers get very nervous of that."

Facebook already has automated systems in place that detect when users access the site in a way that "doesn't make sense," said Jake Brill, product manager at Facebook. This can include sending out an avalanche of messages or logging in from different countries at the same time.

The secondary account verification system that Facebook is rolling out makes sure that when people log in from elsewhere, they are authorized to do so. Many websites try to do this by asking people to type words displayed in an image to prove they are human, rather than a computer seeking automated access. But this only helps keep those software robots out, not people, Brill said.