When logging into Facebook from either a different location, a security check will come up with an alert asking you to identify yourself. I tend to travel around a lot, and so this is very annoying. I use Facebook quite infrequently, I can only imagine how annoying it would be for those that travel and use the site daily. What’s worse here is that a different location is not necessarily a different city or even country, but can just be a different computer. For example, if you login at an internet café 10 minutes from your house for whatever reason, the warning will come up. This also adds to Facebook’s poor history of privacy, as for this check to work they must be maintaining a record of all the locations you use Facebook from. Logfiles are one thing, but actively maintaining a record of your location history for commercial gain is something else.
The fact that an account is signing on from a different location is in no way an indication of malicious activity. I don’t really understand the moronic reasoning that could have thought this was a good idea. Perhaps if the account was active in two different locales within a reasonable time difference, but simply from a different location? As stupid as the security check may be in the first place, it is made worse in that it is not effective in any way. The only information it asks you to enter to authenticate yourself is your birthday. Information that most people on Facebook make publically available without a second thought. Even if they don’t, it’s not exactly the hardest info to find out. Why not ask for the user to reenter their password, which would help protect against many type of session stealing attacks, or to confirm the location they last logged in from. At least something that wasn’t entirely security theater because at present it accomplishes nothing and is just a frustration.
What about if the attacker doesn’t know your birthday, or you used a fake birthday to signup and don’t remember what it was? In this case Facebook will send out a security code to one of your registered email addresses. This also allows for a breach of privacy, in that all email addresses will be exposed here, regardless of if they are marked as private or not. If the attacker does not have access to one of these email accounts then this might work OK. However even this security check is flawed, as it never changes. I.E. Every time that you fail to correctly enter your birthday, the exact same security code will be emailed out! This only means you need one million attempts to successfully brute force this code. This would take several days, but for someone who doesn’t use their Facebook account that often it would allow for it to be cracked. I have not investigated too deeply, but Facebook does not seem to have any preventative measures against bruteforcing this security check.
I find it hard to believe the Facebook developers could be this stupid. It seems much more likely that this “Security Check” is actually a measure to make sure their location information for users is accurate, disguised as security theater. Then again, Never attribute to malice that which can be adequately explained by stupidity.
Thats really annoying ,im on holidays and i wasnt able to log in ,it displays security check to enter two words in the box,but there is no words just says loading and never changes…
Comment by laura — May 3, 2010 @ 3:11 pm
did u find any step to login to ur FB a/c????????? is thr any way by which v can complete ths check or com out of it n login to our a/c wth out such check??????
Comment by padma — October 19, 2010 @ 3:36 am
check out this link http://expertscolumn.com/content/exclusive-how-verify-your-facebook-account-without-giving-out-your-mobile-number
Follow the steps and get a security check code, even if you don’t have a cell phone !!!
Comment by Leiamra — January 19, 2012 @ 3:33 am
I’m away for a week and am absolutely pissed off that FB wants to send me a confirmation text message. I wouldn’t mind, because maybe after agreeing it would be a sinch to get online, but it’s my old cell phone number that they have. Nice.
Comment by cassie — June 28, 2010 @ 10:23 am
im having the same problem they have my old number and are sending the code to my old phone that doesnt work anymore. did you ever get it figured out
Comment by Holly Halbisen — December 1, 2011 @ 10:09 am
Don’t allow fb to spy on you by giving them your cell phone number
check out this link http://expertscolumn.com/content/exclusive-how-verify-your-facebook-account-without-giving-out-your-mobile-number
and get a security check code, even if you don’t have a cell phone !!!
Comment by Leiamra — January 19, 2012 @ 3:39 am
[...] Facebook’s security check is anything but. « All that is wrong … [...]
Pingback by phone check – YouTube – Paul sings Nessun Dorma high quality video/sound … — July 6, 2010 @ 6:46 pm
im also facng d same prob as said by d person in d 1st coment…if FB doesnt hav a proper system 2carry on d process thn y do thy hav a automatic check lik that….for past a week it is in d sam step saying “loading”..i dont knw wn i wil be abl 2login into my FB a/c…….
Comment by padma — October 19, 2010 @ 3:33 am
my password is rignt but also my facebook page does not open
Comment by asma — November 9, 2010 @ 7:08 am
I got this notification this morning. Someone on the other side of the country tried to get into my account.
I have no problem at all with this security check.
Comment by Leah — November 26, 2010 @ 12:18 pm
I agree Leah. Definitely better to do something than nothing. But…. if they could get into my FB account, then they would most likely have the access to the answers to the security questions. The picture identity is a little ridiculous but I don’t understand why others on other sites are so upset about it. You have many other options! My problem is remembering all these different passwords I have to change so often!
Comment by Carolynn — December 1, 2010 @ 12:14 pm
hey, i’m having the same prob as u lot, it just say’s LOADING and will not change ………. Some1 help plez as me and my m8 need an acoount…..
Thanx love ay all coco xxoxoxoxoxo
Comment by coco — May 12, 2011 @ 10:29 am
hi, i am struggling with trying to put a security number in the text box to sign up on facebook because the number is still loading and been waiting for 10minz…
Comment by Jessie — December 26, 2010 @ 11:21 pm
It tells me to enter both words below when it’s just saying loading and never changes….
Comment by Quinton — February 10, 2011 @ 5:21 pm
how long does it last until facebook is letting me get on my page again?
Comment by Josh- — April 18, 2011 @ 3:51 pm
When I went to FB I got a confirmation page. So I closed it and then went back to FB. No confirmation page. It makes me mighty suspicious.
Comment by SteveInMontana — May 15, 2011 @ 12:21 pm
it wont let me take the test
Comment by tristin whitehead — July 17, 2011 @ 9:19 am
Ugh. Cleared cookies now am waiting for a security code to be sent to my phone… locked out of Facebook on my own computer, in the exact same location.
Comment by Tanya — July 28, 2011 @ 12:37 am
I wrote an article on my blog. Please verify before consider this a spam. For first, i don’t have any advertising on that blog. All i want is to help people to resolve the problem because i stay without Facebook about 1 week.
Look here for resolve this problem.
http://www.privoff.com/2011/i-dont-receive-security-code-sms-from-facebook-i-set-login-approvals-resolved/
Comment by FbSupport — August 15, 2011 @ 5:47 pm
Me too! Sux! I have no mobile phone, so I used my home phone number and received a confirmation code on the message phone. Tried to get back to use the confirmation code and reentered the same phone number to get the box to type in confirmation code and now that code doesn’t work because facebook redialed the home line with a different code. Friggin catch-22. The alternative is to scan in an ID… I don thin so.
Comment by david hiller — August 2, 2011 @ 2:10 pm
what should i do? der is a security check on my account. the number i enter was wrong how do i know if wat is the code???????? please help me
Comment by mikael — September 14, 2011 @ 10:48 am
[...] Facebook’s security check is anything but. [...]
Pingback by Facebook Security Check – the facebook captcha – does it make sense? « Short observations about what's going on — September 19, 2011 @ 6:31 am
I couldn’t login to facebook, they wanted me to prove who I was by entering my phone number, so I did. They were to send me a tex with a security code, but never did. The next day I tried again to login, a pop up appeared stating the a tex was sent to a number that was closes to mine but not mine. Now when I try to login it say’s i am attemping to recieve code too often in a short time!! I think you have to wait 24 hours, not sure. Also how do i get tem to acknoweledge my correct number? Someone help me because pissy facebook won’t. UNLIKE!!
Comment by kathy french — November 14, 2011 @ 12:45 pm
facbook wont let me log in without entering a code that was sent to my phone but they are sending the code to my old number and i cant go in and change it to my new number bacause i cant get on facebook. anyone know how to get around this
Comment by Holly Halbisen — December 1, 2011 @ 10:03 am
Wht da f**k it doesnt wrk
Comment by Jeremy — December 5, 2011 @ 3:00 pm
Hey guys go here and check they allow u to upload a photo of some government issued ID for verification.
http://www.facebook.com/help/contact.php?show_form=login_password_bug
Comment by pks — December 14, 2011 @ 5:24 am
Sent me a code
Comment by Gaurav bindra — December 29, 2011 @ 12:54 pm
FUCK YOU FACEBOOK SECURITY, YOUR NOTHING BUT A BUNCH OF LIBERAL COMMUNIST COCKSUCKERS AND I’M YOUR WORST FUCKIN MNIGHTMARE, CONSIDER THAT A DIRECT THREAT!
Comment by DUKE NUKEM — January 10, 2012 @ 9:13 pm