Exploring Facebook's New Social CAPTCHA Authentication

[Arch_Angel]

Facebook rolled out the “social CAPTCHA” mechanism authentication mechanism, based on the approach described in Facebook’s Using Social Information for Authenticating a User Session patent. While CAPTCHA is traditionally used to distinguish between humans and bots, Facebook’s method is designed to distinguish legitimate users from impostors. It does this by asking questions about the user’s social network.

Facebook prompts the user to authenticate using the “social CAPTCHA” approach if the site notices an anomaly in the way the person is logging in. In one such case, Facebook states: “You are signing in from a location we’re not familiar with. For your protection, please take a moment to answer a few security questions.” The user is then presented with an option to answer their predefined secret question or to identify photos of their friends.

Read more: http://blog.zeltser.com/post/1258010...authentication

That's pretty cool. Of course, if you add a lot of persons you don't really know much about, then you might fail the captcha tests.

Anyone run across the new captcha yet?

[Jamlynx]

No..I haven't seen it yet but one would only encounter it if trying to hack somebody's account or logging in from somewhere u don't normally like a friend's house or a cybercafe.

I think Facebook is going to far with this one.All they have to do is make it optional for you to set specific IP's that are allowed to log in the account (like your home or work PC's).

Digital currency websites like E-gold have had that feature for years and if your IP address changes (even cable/DSL IP's change occasionally) then a PIN is sent to your email which you have to confirm b4 logging in.

[khat17]

I have run across it. It was extremely annoying. Basically I went overseas and tried to sign in. Facebook didn't recognize the IP bank that I was on as one of the "regular" IPs that I sign in from and decided to ask me questions.

It works nicely if you use Facebook for just contacts and friends, but when you do like me and have multiple games like Mafia Wars and such that you mass-add people then you have a crack-load of persons that you don't know personally.

It's good in some senses, but the bad part is if you fail you have to wait a number of hours (12/24 I think it was.....) before you are able to try logging in again.

[Utech22]

Great implementation .

[ShadowWolfe Hellscream]

Friend asked me to fix something on his account and ended up having to call him back and put those questions to him. Mini had same prob when he used a bb with diff. location settings. Annoying really.

[Technoboy]

I had experienced this from months ago...when I kept on logging in from different mobile devices.

It doesn't ask me anymore though.

[semitop]

Not sure this is any better than the regular captcha. You could find ppls friends and their names easy.

[ShadowWolfe Hellscream]

How easy is that though? For people with hundreds or thousands of friends, and fb shows you a few random ones, how easy is it?

[Arch_Angel]

How easy is that though? For people with hundreds or thousands of friends, and fb shows you a few random ones, how easy is it?

It easy for semi. He has a leet mind that can quickly remember faces and names in a few mins after scanning through some pics. But for the rest of us mortals, not so easy.

[Flexx17]

I had experienced this from months ago...when I kept on logging in from different mobile devices.

It doesn't ask me anymore though.

This exact thing happened to me three weeks ago when signing in with I.M. apps from my phones