Tuesday, October 12, 2010

A new day, a new Facebook privacy issue.

Today, Facebook launched its temporary password service, 'one-time password,' which lets users request a one-time-use password via text message to log in on shared computers. The process is simple. Users text a short code to Facebook and a temporary password is sent in reply. The password expires after 20 minutes and prevents a would-be hacker from accessing the user's account through password-stealing software. Sounds pretty nifty, right? Unfortunately, this new security feature is not air-tight. All users who have listed a mobile number on their profile (private or not) are opted into the one-time password program without notification. No PIN is required to receive a temporary password via mobile phone, leaving users open to account hacking if they, say, leave their phone on a bar floor and it ends up in the wrong hands. It's a good thing the Facebook PR team has done such a bang-up job of disseminating the details of this new feature by posting it on their blog, which I know everyone reads daily, right?
http://blog.facebook.com/blog.php?post=436800707130
