Network News

X My Profile
View More Activity

Facebook adds one-time passwords, remote logout

Using Facebook from a public computer that you think might be hacked? Log on from your phone, or give the site a rest. But if you can't or would rather not, the social network now provides two extra safeguards.

One, as explained in a blog post, is to have the site send a one-time password, good only for the next 20 minutes, in a text message to the mobile-phone number listed on your account's security-information page. To order up a one-time password, text "otp" to the site's usual short code, 32665 (or "fbook").

But after you add your mobile number, you'll want to switch over to your account's notifications page to stop the Palo Alto, Calif., company from messaging you about less important things. Here's a notification for Facebook management: When users adds their mobile numbers on an account-recovery page, it's sleazy and self-serving to assume they want to be texted about non-security issues.

It may also be a while before you can use this option, as the blog post advises: "We're rolling this out gradually, and it should be available to everyone in the coming weeks."

Facebook's other security upgrade allows you to log out of your account remotely from another computer -- useful if you log into Facebook from a computer or phone that's public or belongs to someone else and then forget to sign out. To do that, log in (from a computer you know to be secure), select your account settings, and click the Account Security header. When you see a login listed that you don't recognize -- say, a report that "you" last logged on from St. Petersburg, Russia -- you can click an "End Activity" button to shut down that session.

(Disclaimer: I'm tired of having to write the same old disclaimer that Washington Post Co. chairman Don Graham sits on Facebook's board of directors. Haven't you all memorized that by now?)

I like both of today's security measures -- aside from the clumsy, spammy way Facebook treats users who add their mobile numbers. But I also think they suffer the generic defect of all optional security features: The people most likely to to take these extra steps are often the ones less likely to get hoodwinked by a hack.

Have you or somebody you know had a Facebook account compromised lately? How did it happen, if you know? And how, if ever, were you able to recover it?

By Rob Pegoraro  | October 12, 2010; 5:04 PM ET
Categories:  Privacy, Security, Social media  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: A check-in at Foursquare HQ (and with founder Dennis Crowley)
Next: Patch Tuesday brings record harvest of security fixes

Comments

Not hacked, but someone is copying accounts with name, info, and some pics and the using it to make friends with people you know. Once theyh've done that then they use it to try and get people to send money to you. Only thing is, you don't know anything about it until one of your friends tells you. I don't see any reports about that anywhere yet, but I see it happening a lot.

Posted by: dkf747 | October 13, 2010 12:25 PM | Report abuse

Post a Comment

We encourage users to analyze, comment on and even challenge washingtonpost.com's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.




characters remaining

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company