Facebook is set to announce new security features today that will let people set passwords for third-party apps and get help from friends when they can’t get into their account.
When hackers hijack accounts, the first thing they typically do is change passwords so legitimate account holders can’t get back in. Instead of going through the rigamarole of verifying that you are the legitimate account owner, Facebook will now let friends vouch for you.
The new Trusted Friends feature, which like App Passwords will available for “testing” in coming weeks, lets you select three to five friends who can be trusted to help get access to a hijacked account. Facebook will send secret codes to the select friends who can then share them with you.
“It’s sort of similar to giving a house key to your friends when you go on vacation–pick the friends you most trust in case you need their help in the future,” the company said in a blog post due to go live today. CNET has seen an advance copy.
Similarly, Facebook is bulking up security for in-system apps. Your Facebook login already generally allows you to access your Facebook apps, but in some cases you may prefer to use an unrelated and/or unique password for particular apps. And now you can.
To use App Passwords, click on Account Settings, then select Security Tab and the “App Passwords” section. “You can generate a password that you won’t need to remember, just enter it along with your email when logging into an application,” the company said in a statement.
“There are tons of applications you can use by logging in with your Facebook credentials. However in some cases you may want to have a unique password for that application,” the blog post says. “This is especially helpful if you have opted into Login Approvals, for which security codes don’t always work when using 3rd party applications.”
These moves are Facebook’s latest attempts to help people keep hackers and hijackers out of their accounts. In May, Facebook announced a number of security offerings, including a two-factor authentication called Login Approvals that require a code when you log in from an unrecognized device. The site will also generate warnings when links look suspicious or if it senses dubious activity going on behind the scenes of clicks. Facebook also launched a bug bounty program in July.