Facebook Adds Remote Logout Security Feature

Facebook is rolling out a security control that enables users to remotely log out of an active session from a different machine. The feature extends controls added in May to prevent unauthorized activity.

Facebook is updating security on its site to bolster protections added in May relating to user log-ins.

This time, Facebook is giving users the ability to log out of any Facebook session they may have left active on another computer or device. For example, if a user logs into Facebook on a friend's computer and then leaves without logging out, thanks to the new feature the user can now end the session from another machine.

"The goal is to give people greater control over their account and log-ins," a Facebook spokesperson said, adding the "feature allows you to close [a] session from anywhere-all from one central location in your account. In the unlikely case that someone accesses your account without your permission, you can shut down the unauthorized log-in before resetting your password and taking other steps to secure your account and computer."

The ability is being rolled out gradually, and is expected to be fully available to Facebook users in the next couple of weeks. The feature builds on capabilities the social network added in May to notify users when their account is accessed by a device they haven't approved. To take advantage of the new control, users need only visit the Account Security section of the Account Settings page.

To read about the top social-networking security attacks of 2010, click here.

"Most security features in [Facebook] are preventive and do not inform the user about the status of their security," said Gartner analyst Andrew Walls. "This new feature enables the user to monitor, to a certain extent, access to their user profile. It should be noted that you must enable the log-in notification feature to access the new session monitoring capability."

This type of feature is commonly found in operating systems and identity and access management systems, but is relatively unusual in consumer-oriented SAAS (software as a service), Walls added.

"Techies will use [it] but it is not clear how many regular users will understand or take advantage of the feature to monitor access to their FB profile," he said. "If users take the time to use the feature they may enjoy a greater sense of security regarding profile access, but that is a big 'if.'"