New Facebook security system does not substitute for good user habits

Mantis

Senior Member
Joined
Nov 2, 2005
Messages
883
Haven't checked Facebook in a while (and can't do it now from work) and the article doesn't give details on how the password system works.
I'm assuming its different to the internet banking FNB and Clicks, et al have whereby you login, get sms'd a one time pin and have to type it in to gain further access ... ??
 

RoganDawes

Expert Member
Joined
Apr 18, 2007
Messages
1,212
Haven't checked Facebook in a while (and can't do it now from work) and the article doesn't give details on how the password system works.
I'm assuming its different to the internet banking FNB and Clicks, et al have whereby you login, get sms'd a one time pin and have to type it in to gain further access ... ??

Yes, it is different. In this case, you SMS a word to a specific number (e.g. "OTP" to 32xxx, or similar), and FB will SMS you a temporary password, valid for once off use within 20 minutes.

Of course, if I can get hold of your phone for a minute, I can send the SMS, get a temp password for your account, delete it all, and log on as you.

While I tend not to align my thinking with AV vendors, in this case I think they have good advice. Rather wait until you can get to a trusted PC. It's good advice for most services, not just FB.
 

sutekj

Senior Member
Joined
Apr 28, 2008
Messages
625
Yes, it is different. In this case, you SMS a word to a specific number (e.g. "OTP" to 32xxx, or similar), and FB will SMS you a temporary password, valid for once off use within 20 minutes.

Of course, if I can get hold of your phone for a minute, I can send the SMS, get a temp password for your account, delete it all, and log on as you.

While I tend not to align my thinking with AV vendors, in this case I think they have good advice. Rather wait until you can get to a trusted PC. It's good advice for most services, not just FB.

Whether you're waiting to get to a trusted PC or not doesn't negate the new introduced risk. Waiting for a trusted PC doesn't affect if someone can steal your phone to get a temporary password for your Facebook account. So this feature should be optionally activatable for people who want to use it.

It is a much safer option however, if you need to use computers at an internet cafe or something.

I don't think this is a bad idea at all, as long as they make it activatable, and not on by default.
 
Top