Facebook adds one-time passwords, remote logout
Using Facebook from a public computer that you think might be hacked? Log on from your phone, or give the site a rest. But if you can't or would rather not, the social network now provides two extra safeguards.
One, as explained in a blog post, is to have the site send a one-time password, good only for the next 20 minutes, in a text message to the mobile-phone number listed on your account's security-information page. To order up a one-time password, text "otp" to the site's usual short code, 32665 (or "fbook").
But after you add your mobile number, you'll want to switch over to your account's notifications page to stop the Palo Alto, Calif., company from messaging you about less important things. Here's a notification for Facebook management: When users adds their mobile numbers on an account-recovery page, it's sleazy and self-serving to assume they want to be texted about non-security issues.
It may also be a while before you can use this option, as the blog post advises: "We're rolling this out gradually, and it should be available to everyone in the coming weeks."
Facebook's other security upgrade allows you to log out of your account remotely from another computer -- useful if you log into Facebook from a computer or phone that's public or belongs to someone else and then forget to sign out. To do that, log in (from a computer you know to be secure), select your account settings, and click the Account Security header. When you see a login listed that you don't recognize -- say, a report that "you" last logged on from St. Petersburg, Russia -- you can click an "End Activity" button to shut down that session.
(Disclaimer: I'm tired of having to write the same old disclaimer that Washington Post Co. chairman Don Graham sits on Facebook's board of directors. Haven't you all memorized that by now?)
I like both of today's security measures -- aside from the clumsy, spammy way Facebook treats users who add their mobile numbers. But I also think they suffer the generic defect of all optional security features: The people most likely to to take these extra steps are often the ones less likely to get hoodwinked by a hack.
Have you or somebody you know had a Facebook account compromised lately? How did it happen, if you know? And how, if ever, were you able to recover it?
| October 12, 2010; 5:04 PM ET
Categories: Privacy, Security, Social media
Save & Share: Previous: A check-in at Foursquare HQ (and with founder Dennis Crowley)
Next: Patch Tuesday brings record harvest of security fixes
Posted by: dkf747 | October 13, 2010 12:25 PM | Report abuse