Data Leaks: Evolution of Facebook Users’ Authentication Process
- Facebook has had to face several data leaks these past months and now tries to improve the security of its user access: the ID and password check in fact appears insufficient. An optional authentication feature has been added to connect to the social network. The Login Approvals function is enhanced with a possible disposable numeric code, sent by SMS and entered with the traditional identifiers.
- A problem remains however: the user must give his mobile phone number to the social network to benefit from this new function. According to Facebook, this additional authentication step makes it possible to avoid the risk of unauthorised connection. Alerts are also proposed to warn the user in case of unauthorised connection to his account.
- Also, Facebook still studies these issues and could later integrate other authentication means.
- In April and May 2011, data leaks have been noted on the social network: Symantec explained on its blog that several Facebook applications had enabled access to the personal information they contained. The security of these applications is, more than ever, put to question. According to Symantec “[third] parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information”. The vendor also says that these data leaks could have a significant impact. This debate could further affect the image of the social network. In October 2010, for instance, the Wall Street Journal reported that some popular Facebook applications (FarmVille, Texas HoldEm Poker and FrontierVille) sent user data to advertising companies.
- Nevertheless, in the present case, according to Facebook, nothing proves that the supposedly retrieve pieces of information were really used by announcers.
- Legal proceedings were also brought against the social network in 2010 as some Internet users claimed that the changes in privacy settings were too complicated.