Facebook has announced two new security features, but at least one IT security company is pointing out problems with the social network’s site instead of applauding the changes.
“Trusted Friends” now lets you select three to five trusted friends who can help if you ever have issues accessing your account. Facebook says if you forget your password and need to login but can’t access your e-mail account, you can rely on your friends to help you get back in. Facebook will send codes to the friends you have selected and they can pass along that information to you.
The new “App Passwords” feature lets you generate and use unique passwords that you don’t have to remember to access third-party apps. This means you no longer have to log into Facebook apps with the same credentials that you use for your Facebook account.
Along with its announcement of the new features, Facebook posted an infographic that revealed only 0.06% of user logins are compromised each day. Sounds great, right?
Well, in a blog post the security company Sophos points out that number winds up to be a whopping 600,000 daily unsecure logins—effectively one every 140 milliseconds.
While Facebook doesn’t give any clues as to how it could happen, Sophos also says trusted friends could band together and turn against a user to access his or her account.
And more: “If a bad guy has taken over your Facebook and email account, isn’t it likely that he will also change who your trusted friends are at the same time? Wouldn’t that make the whole security measure kinda pointless?”
To read more of the paranoid post, check out Naked Security.