Facebook announces one-time passwords and remote log-outs

by Steven Mostyn - Oct 14 2010, 07:09

In an effort to enhance security for its on-the-go users, social networking giant Facebook has this week announced the introduction of new peace-of-mind features including 'one-time' passwords.

“If you have any concerns about the security of the computer you're using while accessing Facebook, we can text you a one-time password to use instead of your regular password,” outlined Facebook integrity team member Jake Brill in an official blog post.

Specifically, if a mobile Facebook user wants to access the network without running the risk of exposing their usual password, a simple text message to 32665 containing 'otp' will result in Facebook answering with a temporary password that will expire after 20 minutes.

However, while the one-time passwords may sound safe and convenient, security experts have been quick to voice their concerns.

Speaking with the BBC, Graham Cluley of Sophos warned that the temporary password system could provide “an open door for mischief-makers [looking] to access your Facebook account” should they gain access to your mobile phone handset.

According to Brill, temporary passwords are presently only available to Facebook account holders in the United States.

Another new security feature rolled out by Facebook provides users with the ability to log-out of their accounts remotely, thereby closing any other network sessions they may have inadvertently left open through other devices.  

“In the unlikely event that someone accesses your account without your permission, you can also shut down the unauthorised login before resetting your password,” wrote Brill.

Around the Web