Facebook finally makes two-factor authentication (2FA) the rule for certain of its riskiest accounts.
It is a smart measure that protects the honorable users of Fb, especially those who are sought for responsible and accurate information: think of chroniclers, politicians, celebrities and you will understand the idea. Someone who accesses one of these accounts and impersonates it could have far-reaching detrimental effects. The company made the announcement Thursday, previously notifying certain reporters and then directing them to a full article on Wired.
For what reason do I wonder if it took so long?
Stories of people in each and every stage of life who have seen critical accounts hacked are all too common. Generally, I can tell when someone sends me an e-mail or text message separately and exclaims, “Help! I have been hacked! The worst thing is when they don't know and I see strange activity on their Fb account and I send them a private note through other channels: “Hey, I think your Fb has been hacked.
Two-factor authentication is a simple idea that not many people adopt because they find it jaded or too difficult. In summary, every time you start a session in a system, you must prove that it is you through a device or secondary system, which can give you a code to apply first to that system.
Some 2FA systems use text messages to your phone (or a voice call), others use proprietary hardware that spits out unique and sensitive codes while also being entered into the original system.
For most people, the primary device that accepts 2FA is their smartphone. Most security sysadmins believe that if you have your phone with its SIM card and a unique number, it is as good as can be for verification. Seen another way, how likely is it that someone who tries to use your e-mail and perhaps a password that you found on the obscure web page to start a session on Fb also has your phone?
On Fb Protect: What's New?
The system in question, known as Fb Protect, was originally developed as an alternative for politicians. Aside from 2FA, there is a page posting authentication system to ensure that absolutely no one posts offensive content on an applicant's pages, and the requirement that page managers use real names.
The new plan takes Fb Protect further there, with Fb proactively identifying users or sets of users at risk and directing them to sign up for Fb Protect. Personally, I would like Fb to go ahead with Google's plan and require 2FA for each and every user.
It is not a perfect system, and there are reports of phone criminals persuading unsuspecting users of the service (banks, cryptocurrency wallets, Venmo, Paypal, and other accounts that also use 2FA) to share SMS codes. 2FA. Still in this way, it is better than a single ill-conceived password, or a password that circulates around the Dark Web as if they were gossip.
Fb's supposedly small and practically tentative plan could still be a wake-up call for low-risk users who missed the memo and, after ignoring multiple prompts to activate 2FA, may find themselves stranded on their accounts.
This is not a good situation. More clearly you are better than a hacker or a party animal taking over and posting things to your account that absolutely no one wants to see.