X

Facebook adds new remote log-out security feature

Facebook users who log in from multiple devices will soon have a way to make sure they are only logged in on the computer they are currently using.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
3 min read
 
The new Facebook security feature lets people see what devices are logged into their account and to remotely log them off.
The new Facebook security feature lets people see what devices are logged into their account and to remotely log them off. Facebook

Facebook on Thursday announced a new security feature that will allow users to see if they are logged into their accounts on a different computer and to remotely log out if so.

This will address the problem that many of us have of leaving a computer--either one we borrowed at a friend's house or used at a public spot like a library--logged in to our Facebook account without realizing it. Doing so leaves it open for abuse by whoever happens to visit the site next on that machine, allowing them to use the account to send spam or masquerade as the legitimate user.

"When anyone else is in charge of your online account there is the opportunity for foul play," Jake Brill, a product manager for Facebook's site integrity team, told CNET. Using the new feature that Facebook is rolling out worldwide, users will be able to click on the Account tab in the upper right-hand corner of their profile page, click on "Account Settings" in the drop-down menu and see new information about account activity under the "Account Security" area.

Facebook will provide users with recent activity on their account, including the last time the account was accessed, the device used, what approximate city it was located in, and the browser and operating system on the device. It will also provide the same details for other sessions if they are active on other devices and offer the user the ability to click "end activity" to log that device off.

Often, Facebook users don't realize that they may still be logged into their accounts if they merely closed down the browser or even if they shut down the computer. For example, if the "Keep me logged in" box is checked on the log-in page, then you must manually log out on Facebook to end the session. That box, which is standard on many popular Web sites, is unchecked by default. If the box is not checked, users must quit the browser or log out to end the session.

The new feature will help people thwart would-be account hijackers, said Andrew Walls, a research director at Gartner.

"If you suspect somebody else has your password and is able to access your Facebook account or you see a computer you don't recognize connected to your user profile, you can kill that session," he said. Users who suspect their account has been compromised should always immediately change their password.

Walls praised Facebook for offering users this level of insight and control into their accounts and noted that it is standard in operating systems to provide this capability to administrators who want to, for instance, monitor the VPN (Virtual Private Network) connections into the network.

"This will be adopted by a small percentage of the user base, but it's a good step and it is needed," he said.

The new security feature follows a Login Notification feature the company announced in May that lets users tell Facebook to notify them via e-mail or SMS when a new computer or device is used to log into their account.