Sophos analyses Facebook’s newly-announced security features - do they go far enough?
May 2011 by Sophos
Facebook recently announced a number of new features aimed at keeping users safe from scams and spam. Internet security and control firm Sophos welcomes the announcement, saying that Facebook’s visible involvement in boosting the security of its users is a positive step. However Sophos states that there is still a long way to go.
"We want Facebook, and its hundreds of millions of users, to remember that we’re not against the world’s biggest social network," said Paul Ducklin, Head of Technology, Asia Pacific at Sophos. "When Facebook takes positive steps towards better security we’re happy to say so, as we’re doing now. But there’s much more they could be doing, so we all need to maintain pressure on Facebook to keep on improving."
The features implemented by Facebook include: a known-bad-site blocklist; protection against clickjacking; and limited support for two-factor authentication.
However, Sophos experts believe that there is still room to improve security on the social network. "How about a popup confirmation dialog every time you Like something, rather than only when a page already known to be suspicious is involved?" asked Ducklin. "Or an option for two factor authentication for _every_ login, not just for those from new devices?"