Updated: December 3, 2021 6:26:06 pm
Facebook Protect, a programme designed to protect accounts of users at high-risk of being targeted by cybercriminals, is now rolling out to India and other countries.
But what is Facebook Protect and how does the social media company decide whether your account needs the extra security? We explain:
What is Facebook Protect?
The Facebook Protect feature will give higher security to users whose accounts on the network are more at risk of cyberattacks and perhaps even state-sponsored attacks. The focus is on journalists, human rights defenders, activists and will eventually include government officials as well.
The feature when turned on will mandate that these accounts use two-factor authentication (2FA), and offer them other security protections as well. The programme was first tested in the US in 2018 and expanded more broadly during the US 2020 elections. Facebook says it plans to roll this out to nearly 50 countries by the end of the year.
So what exactly does Facebook Protect do?
Facebook’s Head of Security Nathaniel Gleicher, explained that users who are within these groups will soon see a prompt from the social media company asking them to turn on the feature. The program aims to protect their accounts against cyberattacks with steps such as mandatory 2FA and monitoring the account for additional security.
“Facebook Protect enables additional automated defenses from our systems to help protect these accounts. We apply increased detection for the types of compromised efforts that human rights defenders, journalists or government officials might face. It also flags these accounts in our internal systems. So we get a report about one of them or we see repeated targeting of one of them we know there could be more at stake,” Gleicher explained.
What happens if someone gets a Facebook Protect prompt, but does not turn it on?
So this is mandatory. If you get the prompt, meaning your account is deemed high-risk you will have to turn it on. It also means you will have to turn 2FA for your Facebook account if you have not done so already.
Users will have a deadline to accept the prompt. If you do not accept within that time period, you will be locked out of the account. For example, if you are a journalist and your Facebook account does not have 2FA, you will have to turn on the feature. If you do not do so, and the deadline elapses, your account will get locked.
Remember, no account data is lost; just accessing According to the company, users can get back account access by turning on 2FA and Facebook Protect.
Why the stress on 2FA? Does it really protect against attacks?
According to Facebook’s head of security, only 4 per cent of all users on the platform have 2FA turned on, and the feature remains underutilised. For those who do not know, 2FA means that in order to access the account from a new device, you will need a login code either via SMS or from a third-party authenticator app such as Google Authenticator.
2FA can be a very useful defense mechanism for all accounts, not just high-risk. Because in order to login to the account on a new device, this code is needed. If hackers do somehow gain access to your password, then at least they cannot gain entry till they get the one time password or code.
Facebook’s head of security also revealed that so far more than 1.5 million accounts who are at risk have enabled the feature. Out of these, nearly 950,000 accounts had only newly enrolled in two-factor authentication, which shows just that very few people had it turned on in the first place, even though they were at risk.
I’m a journalist or human rights defender or activist. But I have not got the prompt. What should I do?
The feature is rolling out in India, so it could be some time before you see the prompt. For users who are at risk but do not get the prompt, Facebook will soon have a process in place to let them register.
“We have a journalist registration programme, for example, and a number of publications work proactively with us to make sure that their journalists are highlighted on our platform so that we can provide this additional protection,” Gleicher said.
Facebook’s head of security revealed that there are a combination of factors when it comes to deciding who goes on the list of accounts at risk. The network relies on experts in countries around the world who understand prominent voices and critical voices.
“We’re also looking at automated detection systems that help us understand who should be getting these. We have a number of systems whereby, for example, journalistic organizations can make sure that their members are on these lists, think thanks and other highly targeted communities can make sure that their members are on these lists that they want them to be,” Gleicher said.
I’m a user with several followers, but I’m not in the three categories mentioned above. How do I get Facebook Protect?
Right now there is no way for those who are not part of these three categories to get the Facebook Protect feature. Though it should be noted that really anyone can turn on 2FA for their accounts and increase security overall.
Facebook has not yet revealed if it will extend to other accounts. The social media network plans to expand the feature to more countries. “We want to bring it to countries where we might be seeing critical civic moments like elections coming in the near future for example, Philippines and Turkey,” Facebook head of security said.
Newsletter | Click to get the day’s best explainers in your inbox
I got a message on Facebook from ‘Facebook Protect.’ They want me to share my account details such as email id and the password. Is this real or fake?
No, that is likely fake. The prompt comes from Facebook itself when you open the app. It does not ask for any account details, and only requires you to turn on 2FA (if not done already) and turn on FB Protect.
It does not come as a message on Messenger or as a post on your wall. Facebook says any message which claims to offer ‘FB Protect’ and has a link and asks for account details is likely a phishing scam, which users should ignore and report.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.