Facebook offers temporary log-ins for public computers
Facebook is launching one-time passwords in an effort to make it safer to log on to the social network from public computers.
It also claims the system will help prevent cyber-criminals accessing users’ accounts.
Users need to text the words ‘otp’ to 32665 and they will be sent a temporary password that will expire after 20 minutes.
But security experts questioned whether the system was safe.
“If someone else is able to gain access to your phone then that’s an open door for mischief-makers to access your Facebook account,” said Graham Cluley, senior technology consultant at security firm Sophos.
It may also not be a foolproof method of avoiding Facebook hackers.
“A temporary password may stop keylogging spyware giving cybercriminals a permanent backdoor into your account, but it doesn’t stop malware from spying upon your activities online and seeing what’s happening on your screen,” he said.
Users of the system must have a mobile phone number registered to their account, which could also open the system up to exploitation, thinks Mr Cluley.
“Do you know if you’ve registered your mobile phone number on Facebook? Would you notice if someone changed it? Imagine a scenario where some ”fraper’ changes the mobile number of your account to one to which they have access. That may mean that anytime they like they could access your Facebook account,” he said.
Facebook also launched another new feature which will allow people to sign out of Facebook remotely, aimed at those who log in to the social network via a friends phone or computer and then forget to sign out.
People will be able to keep a closer eye on the status of their accounts, Jake Brill wrote in the official Facebook blog.
“In the unlikely event that someone accesses your account without your permission, you can also shut down the unauthorised login before resetting your password,” he wrote.
- Facebook introduces one-time passwords (go.theregister.com)