In association with heise online

14 October 2010, 17:14

Facebook introduces one time passwords for insecure computers

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Facebook Logo In future Facebook users will be able to receive a one time login password as a mobile phone text. To use this service users will of course have to enter their mobile phone number into their Facebook account details. According to Facebook, this should allow a secure log-in from public computers in hotels, airports or cafés. Although a trojan installed on such a computer would be able to steal the single use password, it would not be valid for later log-ins and criminals using password-stealing trojans rarely login contemporaneously.

Users will still be able to log in using their usual passwords. To have a one-time password (OTP) sent to them, users have to text "OTP" to a Facebook number. The one time password is valid for a maximum of 20 minutes.

Facebook has also added additional account security features which now allow users to remotely close an open session on another computer, where for example they have forgotten to log out of a session or have been hacked. Facebook hopes this will help reduce account theft. Facebook accounts are very popular among spammers.

Microsoft and Google have also recently introduced improved measures aimed at making account theft more difficult.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit