Dec 22, 2020 - Technology

Facebook will offer new account security options in 2021

an illustration of Facebook and security

Illustration: Lazaro Gamio/Axios

Facebook next year plans to roll out mobile support for security tokens for users who want to take extra measures protect their accounts, the company's head of security policy Nathaniel Gleicher tells Axios.

Driving the news: Facebook will also expand its Facebook Protect security program to more types of accounts next year. The program will be made available to vulnerable users like journalists, human rights defenders and celebrities, and also to users in countries with upcoming major elections.  

Facebook Protect includes additional security provisions, like two-factor authentication and real-time monitoring for potential hacking threats.

  • To-date, it has only been available in the U.S. to politicians, party officials, government agencies, election staff and anyone with a blue-badge verified Facebook page who is involved in the election process. 

The security keys are advised for high-profile accounts, but will available for use to any Facebook account holder that wants one.

  • Facebook is considering sending security keys to public figures like policymakers.
  • Users will be able to buy the tokens from various retailers in-person and online, and then will be able to register them with Facebook.

Yes, but: While hardware keys are a time-tested security control, they're not invulnerable, and they can be lost or stolen.

  • It's for this reason that Gleicher recommends users with high-profile accounts use both Facebook Protect and security keys.
  • "Bad actors are trying to target social media assets of prominent voices. Just because you're not a CEO or a political candidate doesn't mean you're not a prominent person in your field and a target," he says.

The big picture: Facebook believes one of its biggest improvements from 2016 was that it blocked bad actors from hacking real accounts or creating fake accounts to spread disinformation. This transformed Facebook's misinformation problem from being a security matter in 2016 to more of a content moderation issue in 2020.

  • "Our thesis is that you have to protect accounts because every compromised asset can become a tool that is used by bad actors for greater harm — much greater — afterwards, in addition to causing immediate harm to people," says Gleicher. 

By the numbers: In 2020, Facebook estimates that over 70% of people who were closely involved with the U.S. election turned on two-factor authentication.

  • While Facebook prompted many users, like state and election officials, candidates, and party leaders to sign up for the feature, it ultimately relied on people working close to the election to opt in to the program.

What's next: In addition to these security protections, Facebook says it will also expand its public reporting of security threats. The public disclosures of different influence operations or hack attempts help to deter and slow down bad actors, Gleicher says. 

Go deeper