NEWS FROM THE LAB - Monday, December 7, 2009

"You are signing in from an unfamiliar location." Posted by Sean @ 15:00 GMT

I recently took a sudden and unexpected trip to Norway. During my time there I needed to quickly update my family and friends as to my situation. How does one do that when one's family and friends span the globe?

I use Facebook.

Sure, I can use my phone to contact my most immediate family. But that's a challenge due to time zone differences.

Europe, America, Australia, who the heck can keep track of what time it is when you're in the middle of something urgent and haven't slept in two days?

Utilizing Facebook as a micro-blog worked perfectly (I don't use any third-party applications and have a rather limited profile).

And while accessing Facebook from Norway, I received the following prompt:

You are signing in from an unfamiliar location. For your security please verify your account.

Great. This seems like an excellent idea.

Facebook offers many language localizations based on location and it seems that some of this user data is logged, and if an account is accessed from an unfamiliar location, the user is challenged.

Only one problem — Please enter your birthday?

That has to be the single most shared bit of information on Facebook… it's not much of a "challenge" to answer that question.

We've earlier noted Facebook's problem of using security challenge questions based on social information.

Still, I quite like the idea of challenging the user when they access a web-based service from an unfamiliar location. It is a good anti-phishing effort and there are others that could implement it as well. Many of Google's services come to mind. Google certainly does its fair share of IP tracking and they could easily use this type of information for their users' benefit.

Signing off,

P.S. Dag and Ivar, your help was really invaluable. Thank you.
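
The check discussed in this post, sketched as an added example (not Facebook's implementation and not code from the original post): a sign-in from a country not yet seen for the account triggers a challenge, and challenge types whose answer is visible on the user's profile, such as the birthday, are skipped. All names, the country-level granularity and the sample account data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    user: str
    known_countries: set = field(default_factory=set)        # locations seen before
    public_profile_fields: set = field(default_factory=set)  # what the profile exposes
    enrolled_challenges: list = field(default_factory=list)  # in preference order


def pick_challenge(account):
    """Return the first enrolled challenge whose answer is NOT on the profile."""
    for challenge in account.enrolled_challenges:
        if challenge not in account.public_profile_fields:
            return challenge
    return None


def evaluate_login(account, country):
    """Decide what to do with a sign-in: allow, challenge, or block.

    `country` is the geolocated country code, or None if the lookup failed;
    a failed lookup is treated as an unfamiliar location.
    """
    if country is not None and country in account.known_countries:
        return ("allow", None)
    challenge = pick_challenge(account)
    if challenge is None:
        # Every available question can be answered from the profile:
        # fail closed instead of asking something anyone could look up.
        return ("block", None)
    return ("challenge", challenge)


def complete_challenge(account, country, passed):
    """Remember the location only after a successful challenge."""
    if passed and country is not None:
        account.known_countries.add(country)
    return passed


# Constructed sample account: birthday is shown on the profile.
sample = Account(
    user="example-user",
    known_countries={"FI"},
    public_profile_fields={"birthday", "hometown"},
    enrolled_challenges=["birthday", "emailed_code"],
)
```
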