October 14, 2010

Facebook Offers New Security Tools For Users On The Go

Facebook announced a number of new security tools on Wednesday, including temporary passwords that make it safer for users to log on to the social networking site from public computers, and the ability to log-off from a mobile phone.

The company said the new measures would also help prevent cybercriminals from accessing users' accounts.

The "one-time password" feature lets users avoid typing in permanent passwords when using shared or public computers in places such as airports, cafes and hotels. 

Users will need to text the words 'otp' to 32665, and will then be sent a temporary password that expires in 20 minutes.

"If you have any concerns about security of the computer you're using while accessing Facebook, we can text you a one-time password to use instead of your regular password," said Facebook integrity team member Jake Brill in a post on the company's official blog.

Users must have a mobile phone number in their account in order to access the temporary password feature, which Brill said would be rolled out in the coming weeks.

Facebook also unveiled a new feature that will allow members to log out of their accounts remotely using a computer, smartphone or other device.

That feature is now available to everyone, Brill said.

"These session controls can be useful if you log into Facebook from a friend's phone or computer and then forget to sign out," he said.

"From your account settings, you can check if you're still logged in on other devices and remotely log out."

The company also said it would begin regularly prompting members to update their security information.

"If you ever lose access to your account, having this information helps us verify who you are and get you back into your account quickly," Brill said.

Some security experts questioned how much the new tools would improve members' safety.

"If someone else is able to gain access to your phone then that's an open door for mischief-makers to access your Facebook account," said Graham Cluley of security firm Sophos.

"A temporary password may stop keylogging spyware giving cybercriminals a permanent backdoor into your account, but it doesn't stop malware from spying upon your activities online and seeing what's happening on your screen," he told BBC news.

Cluley said Facebook's requirement that users register their mobile phone number to their account could create a vulnerability.

"Do you know if you've registered your mobile phone number on Facebook? Would you notice if someone changed it? Imagine a scenario where some 'fraper' changes the mobile number of your account to one to which they have access. That may mean that anytime they like they could access your Facebook account," he explained.

Facebook chief security officer Joe Sullivan emphasized the importance the company places on its members' security.

"From our standpoint, safety and security is a core part of Facebook and a core part of the user experience," Sullivan said during an interview with CNN.

"It's a core part of the ways we innovate as a company."


On the Net: