Facebook has announced a new remote log-out security feature which will allow users to see the logged-in sessions for their account. To understand the implications of this, let me give a bit of background first.
Earlier, if you were logged in at home but later needed to log into Facebook from another computer, say from your office, you would first have to register the computer. Facebook would then send you an email stating that your account was being used by a new device.
In this way, you would be notified if someone else was trying to use your account. The new feature, which was announced yesterday, allows Facebook users to see the details of all the sessions using their account, including the time Facebook was accessed, the device name that was set, the location (based on IP information) and the device type (web browser or mobile device). The user can then end any of the sessions simply by clicking the mouse button.
Though it seems to be a good step by Facebook, users need to keep the following things in mind.
First, you can receive notifications via email or SMS if someone other than you accesses your account. You can do this by setting the security controls to “on.” Oddly, this specific feature is “off” by default, though most Facebook features relating to privacy are “on.”
Second, this security feature allows you to add a location determined by your IP address. But just as your actual location can be spoofed through Facebook Places, there is a possibility that your IP address can be spoofed as well.
Though Facebook is quick to announce features such as the ability to scan your email address book for the purpose of finding friends, the social network site does not display the same enthusiasm when announcing new security controls. This makes it unlikely that you will even hear about this new feature unless your Facebook security page is updated in your stream.
Phishing for Facebook and other such accounts is easy, and here’s why. Many people access their accounts through devices which are not their own; it could be a friend’s phone or even a computer at an Apple store. A lot of these people forget to log out once they are done. It shows that they simply don’t care about privacy or the security of their credentials.
For those who do care, it is positive to see Facebook trying new and innovative methods to increase the security of its users.