Facebook has implemented a new level of login security for users with the debut of a feature called "Login Approvals", a two-factor authentication process.
The new authentication feature allows Facebook users the option of requiring that a one-time numeric authentication code be entered in addition to the standard username/password combination if the network detects a login attempt from a device that has not been previously saved by the user.
Upon receiving a login attempt from an unrecognized device, Facebook will send the authentication code to the account holder via a SMS text message to the cell phone number the member has associated with their account.
If the user's username and password are ever compromised, unauthorized login attempts from unrecognized devices will be blocked for failure to provide the one-time authentication code, and the account owner will be notified of a failed attempt upon their next login.
"As more individuals and businesses turn to Facebook to share and connect with others, people are looking to take more control over protecting their account from unauthorized access. Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer. Once you have entered this security code, you’ll have the option to save the device to your account so that you don’t see this challenge on future logins," blogged Facebook's Andrew song.
To enable the "Login Approvals" option, users need to go to the "Account" drop-down menu in the upper right hand corner of their Facebook page, choose "Account Settings" and then the "Account Security" option.
Check the box for "Login Approvals" and follow the directions, you will need to have your cell phone handy to complete the process.
It is also highly recommended that users enable the "Secure Browsing (https)" as well as "Login Notifications" options also located on the "Account Security for improved security.
Facebook is also considering other authentication options in the future, according to the blog by Song.
"One challenge in building login approvals was balancing security and usability. Similar features on other websites require you to download authentication apps or purchase physical tokens to act as your second factor. These are good approaches, and we're considering incorporating them in the future, but they require a lot from the user before being able to turn on the feature. To have the biggest impact and provide this added security to the most people, we decided on SMS as the best choice for a second factor," Song wrote.