The Facebook security team will share how we approach the security challenges involved in protecting the identities of over a billion users on our site. This talk is partly about our culture, and partly on how we take a practical, risk-based approach to security. In the first part of the talk Mark Crosbie will give an overview of our culture, how we think about security and what makes Facebook unique in the industry in this regard. Then Tim Tickel and Four Flynn will give an in-depth look at Facebook's easy to use internal multi-factor authentication deployment. We will discuss our motivations, how our solution works, technical and security trade-offs, deployment problems, and outstanding issues.