The Facebook Security page unveiled a new feature today that is supposed to help the user track which devices have logged into the account, such as your home PC and/or mobile phone. In theory, this is supposed to let you know if your account was accessed by an intruder. It’s a great idea except that Facebook’s idea of helping you track logins is utterly useless.
From the time you enable the feature under account settings, each time you log in thereafter you’re presented with a screen to register the device name. Sounds OK, right? Not especially.
Let me ask you a question – how many of you are going to blank on what to call the login and come up with something generic, such as, say, “Home” if you’re using your computer at home? And in the meantime, some bag of douche has compromised your account and guessed that you’d use the same name to register the location.
So what, you say, you checked the box that reads “Don’t ask me again from this computer,” so the scoundrel would not be able to use the same name without tipping you off. You’re golden.
Not so fast, there, partner.
Let’s imagine for just a second that you aren’t clearing the cookies on the device you logged in with. And an intruder logs into your account and calls the device “Home.” Fine, you get a notification informing you of this event, but how do you know that this wasn’t actually your login? Did you remember to note what time you last logged in? Because time is the only thing distinguishing YOUR login device named Home vs. the intruder’s login device of the same name.
Secondly, the notification of another device login is also questionable because although I was notified that a new device accessed my account, it wasn’t actually logged in the profile. I received two such notifications of new devices – one named “latermuch” and another called “Farmville.” Since I didn’t create either of them, I can toss a coin in the air and call it as to whether my account was fraudulently accessed.
I changed the password just in case the account was, in fact, compromised, but for all I know, Facebook Security itself logged into the accounts of everyone who enabled the new feature just to fcuk with those users. Since the new device was not there, either the notification was a false positive OR Facebook account security sucks ass. My money is on the latter.
If I was clueless as to the usage of cookies, and never cleared my browser’s cache, I might buy this feature as useful, particularly since I was lulled into a false sense of security that the notification would alert me to an intruder. But if you’re even using the account security feature to begin with, then you most likely clear your cookies because you’re security conscious, in which case you are then forced to re-register the device, which in turn, generates a new email notification that may or may not be a false positive as evidenced above.
In the end, this is all just an elaborate exercise in dumbassery, since there is no way to discern that your device login named Home is different from an intruder device login of the same name. No way unless you noted the times of your login, that is. Are you willing to make a note of the time of day every single time you log into Facebook?
I’m not even going to explore the annoyance factor of having to continually register the same device each time when you clear cookies from your device.
If Facebook Security truly wanted to make this feature viable, not only would it not use something as volatile as cookies to record logins, but it also would have taken a cue from Gmail’s account activity feature and logged the IP address of every single device that accessed the account. Cookies can be cleared, but an IP address is almost always static. So in keeping with Facebook standard operating procedure ineptitude, the new security feature is an epic fail.
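The comparison argued above, as an added example that is not code from Facebook, Gmail or this blog: with only a user-chosen name on record, every login called “Home” collapses into one entry, while a server-recorded IP address separates them. The record layout, function names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login records (not real Facebook data). The "ip" field is
# an assumption: it models the server-side logging the post asks for.
# Addresses come from the RFC 5737 documentation ranges.
LOGINS = [
    {"time": "2010-05-14T08:02", "device_name": "Home", "ip": "192.0.2.10"},
    {"time": "2010-05-14T19:45", "device_name": "Home", "ip": "192.0.2.10"},
    {"time": "2010-05-15T03:17", "device_name": "Home", "ip": "198.51.100.77"},
    {"time": "2010-05-15T09:30", "device_name": "Work", "ip": "203.0.113.5"},
]


def name_only_view(logins):
    """What a label-only log can show: the distinct device names, nothing more."""
    return sorted({entry["device_name"] for entry in logins})


def ambiguous_names(logins):
    """Return device names used from more than one IP, with login times per IP."""
    by_name = defaultdict(lambda: defaultdict(list))
    for entry in logins:
        by_name[entry["device_name"]][entry["ip"]].append(entry["time"])
    return {
        name: dict(ips)
        for name, ips in by_name.items()
        if len(ips) > 1  # same label, different source addresses
    }


if __name__ == "__main__":
    print("name-only view:", name_only_view(LOGINS))
    for name, ips in ambiguous_names(LOGINS).items():
        print(f"device name {name!r} was used from {len(ips)} addresses:")
        for ip, times in ips.items():
            print(f"  {ip}: {', '.join(times)}")
```

A second address under the same name is a reason to check the login times, not proof of compromise, since one device can connect from more than one network.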
©2010 Peyton Farquhar™ and Prattle On, Boyo™. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Peyton Farquhar™ and Prattle On, Boyo™ with appropriate and specific direction to the original content.