There has been much fuss over security during the last few days at Facebook. First there were reports about Facebook getting hacked in Tunisia. And then another report came up about Facebook CEO Mark Zuckerberg’s Facebook page getting hacked. And to top all this, another supposed XSS hack plagued Facebook wherein a lot of users are seeing a status update from a Roy Castillo whom they are not even friends with. In order to counter all these security issues, Facebook has introduced 2 new features.
Well, this is one really innovative way to verify real users rather than using CAPTCHAS. Using the Social Login feature (or Social Authentication as Facebook calls it), users will be shown a few pictures of their friends and then they will be asked to name the person in those photos.
This may be innovative but I don't think I would like to agree with Facebook on their statement - "Hackers halfway across the world might know your password, but they don't know who your friends are" as it won't be very hard for a hacker to find out the Picture of an user's friend. Here is a screenshot of Social Login at work:
Well, HTTPS seems to be a common solution to all security problems faced by big websites. Even Facebook will from now on let users to choose if they want to switch to the HTTPS mode for browsing Facebook. Users can find these options in the "Account Security" section of the Account Settings page.
via Facebook blog