Facebook Protect, a program that provides extra protection and security to high-risk user accounts, is now rolling out to more countries, including India. The program was first tested in the US in 2018 and expanded broadly during the US 2020 elections. The company plans to roll this out to nearly 50 countries by the end of the year.
“Facebook Protect is a security program for the people that are most likely to be highly targeted by malicious hackers or other adversarial threats. These include human rights defenders, journalists and activists, and are often at the center of public debate. They hold governments and companies accountable,” explained Nathaniel Gleicher, Head of Security at Facebook in a media briefing.
As part of the program, those users who fall within these groups will soon start seeing a prompt from Facebook asking them to turn on the ‘Facebook Protect’ option. The program is designed to protect their accounts against cyberattacks and also mandates that the users turn on Two Factor Authentication (2FA) for their accounts. This requires an OTP either via SMS or a third-party authenticator app in order to access the account. Facebook Protect also monitors their accounts for additional security.
But Facebook Protect is more than just turning on 2FA for an account, which really all users can turn on. “There are increased automated defenses that we enable on the backend to protect these accounts. It’s additional detection mechanisms that our systems and teams run. Accounts in this program are flagged within our systems so that if our investigators see, for example, repeated targeting of one of these, we know that there might be a particular risk if they were compromised,” Gleicher explained.
He revealed that so far more thans 1.5 million at risk accounts have enabled the feature. Out of these, nearly 950,000 accounts enrolled in two-factor authentication for the first time thanks to Facebook Protect.
Facebook says it has revamped the program from its learnings, especially those based in the US election. It should be noted that Facebook Protect mandates 2FA for at-risk accounts for journalists, human rights defenders, and activists. The company said they also want to strike a balance and make sure these users do not get locked out of their accounts, so it will make it easier to turn on 2FA.
One reason why Facebook is stressing 2FA, is because it remains an underutilised feature across the internet, despite the known benefits when it comes to protecting a user’s account. It revealed that only about 4% of global Facebook monthly active users have adopted 2FA till November 2021, and this is in fact in line with what other companies have reported.
Facebook is hoping that with the ‘Protect’ feature at least accounts of those at risks, such as journalists or activists, will get their extra security measures in place. When a user receives a notification asking them to turn on Facebook Protect, they will also get a deadline.
If they do not turn on 2FA within that deadline they will then be locked out of their account. The only way to get back account access is to turn on 2FA and accept Facebook Protect once that notification appears for a user. To reiterate, Facebook is not mandating this for all users, but only those at high risk.
The social media network will also improve customer support for those who have turned on Facebook Protect. Facebook says the early results have been encouraging and that “simplifying enrollment flows, improving customer support and mandating 2FA brought adoption rates to over 90 per cent in one month for these groups.”
The social media network will also expand the feature to more countries. “We’ve rolled up the mandate first in countries where we know we have the necessary resources in place to smoothly expand and also in countries where we might be seeing critical civic moments like elections coming in the near future, for example, Philippines and Turkey,” Facebook’s head of security said.
It also hopes to roll this out to countries such as Myanmar and Ethiopia. “We plan to expand to these regions early next year, leveraging all that we’ve learned from the earlier waves to minimise risks and destruction or protecting critical voices around the world,” he added.
For users who are journalists or activists, but do not get the prompt, Facebook will have a process in place to let them register. “We have a journalist registration program, for example, and a number of publications work proactively with us to make sure that their journalists are highlighted on our platform so that we can provide this additional protection,” he said.
