Facebook has been boasting not only the most users for a social networking site, but also the most “quality” users (ie less fake users).
How can Facebook achieve that?
First they’ve been actively purging fake accounts.
More recently they started testing your knowledge of your own friends.
Because everybody knows you know well all your friends on Facebook right?
This feature is disguised as a way to check that your account is not being accessed by an unauthorized person logging from a unrecognized computer.
It happens if you try accessing your account while traveling, and logging from a location you never logged from before.
Not only you will be asked for a Captcha, but Facebook will present you a set of 7 photos where your friends have been tagged, and you will have to recognize them.
You can only skip 2 questions so you better know your friends well, and be lucky enough to be shown photos with an actual face on it.
Especially when they start asking you questions on tagged pictures like those ones:
Try it yourself by logging from a friend’s computer or from a computer abroad and test your knowledge of your friends.
It’s fun, especially when you get yourself locked out of your own account and have to wait one hour to try it again.
First you’re being asked to enter a Captcha:
Then you are tested on your knowledge of your friends’ pictures:
In order to proceed, Facebook needs to verify that you are the owner of this account. To do this, please identify the people tagged in the following series of photos.
To pass, you cannot get any answers wrong. If you aren’t sure about a question, please skip it. You can only skip two questions.
If you fail, you get this:
Please come back in a little while
Your answers were not accurate enough.
For security reasons, you are only allowed to authenticate your identity once every hour. Please come back then to try again. Sorry for the inconvenience.
If you succeed after having failed previously, you will be shown the recent login attempts to review.
Please review recent activity on your Facebook account
Your account was recently accessed from a location we’re not familiar with. Please review the activity details below.
If anything looks unfamiliar, we’ll help you change your password (this will help prevent people in the future from accessing you account without permission).
Do you recognize the account activity listed above?
Note the funny wording about preventing people from the future to access your account. Ambiguous. What if I want my future self to access it?
Is it too much?
Although these extensive security measures really do their job of keeping unauthorized persons to access your Facebook account, aren’t they a bit too much?
Wouldn’t a more classical method combining a Captcha and an email with a link to confirm you identity be enough?
Here you have a Captcha, plus a series of 7 pictures with friends tagged.
You cannot make any mistake, you can only skip two questions.
It is overkill for user identification.
Hence the underlying reason behind this flow is more for fake user account determent than really protecting your account from unauthorized logins.
Maybe at some point the only way you will be able to add a friend on Facebook will be to go through 7 random pictures with and without your candidate friend on it and you would have to tell if he is in the picture or not.
This will certainly upset spammers using fake accounts using friends they know nothing about.
But it will also upset those real people having lots of friends because they are just over eager to add more.
We all have one of those friends, don’t we?
You know, those with more than 1,000 friends you always wondered how they know so many people (and they probably don’t).
I’m curious to know how well they would do at the photo tag test.