Facebook Improves Security: One-Time Login and Remote Logout

Martin Brinkmann
Oct 13, 2010
Updated • Jan 18, 2015
Facebook
|
8

So called one-time logins, single-use codes or temporary passwords seem to be one of the latest trends in web security.

Hotmail has been offering its single-use codes feature for some time now, allowing users to request a one-time password on the Hotmail login page that they receive as a message on their mobile phone that is linked to the account to sign in using the code and not their password.

Facebook yesterday introduced a similar feature that they call one-time passwords. But instead of having to visit the Facebook page to request the one-time password, Facebook users need to send the text "otp" to 32665 on their mobile phone. They then receive the password that they can use to login on Facebook. The password is only valid for one login, and will expire automatically after 20 minutes.

According to the announcement post, this feature is rolled out gradually. We are not sure at this point if this will be a US feature for now, or if this option is available globally.

There are also no information on the costs of sending and receiving the one-time password to log in.

The second improvement has been available to some users for some time already but is now available to all Facebook users. All Facebook users have the option now to see all active Facebook sessions, with the ability to end remote sessions.

This can be helpful in numerous situations. Maybe you have logged into Facebook in the library to check your account and forgot to log out. With account activity it is now possible to log out so that no one else can access the data in the account.

But this is also helpful if someone else managed to get unauthorized access to the account. The first step would be to log them out, and then change the password to protect the account and avoid this from happening again. Then again, they may do the same so you better hurry and know what you are doing.

In addition to that, Facebook will from now on display prompts after the log in that asks users to check and edit security information. Recently we have been asked to name the computer that we were working on for instance.

The blog post on Facebook does not address some questions that users may have, for instance if the one-time password option is available internationally, how much users will be charged for the request or when it is available to them.

Facebook users do need to make sure that they have the mobile phone number linked to their account, before they can start requested one-time passwords to log in.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Thahi said on October 7, 2011 at 6:47 pm
    Reply

    I cant login to my a/c

    1. sue hamilton said on October 23, 2013 at 10:36 pm
      Reply

      cant get into my facebook page.

  2. PRIYANKA said on August 1, 2011 at 4:34 pm
    Reply

    The webpage at https://www.facebook.com/Engineering#!/notes/facebook-engineering/facebook-and-world-ipv6-day/10150195205068920 might be temporarily down or it may have moved permanently to a new web address.

  3. celeste said on July 4, 2011 at 7:43 pm
    Reply

    how do i erase my facebook account
    thanks

  4. Transcontinental said on October 13, 2010 at 12:58 pm
    Reply

    Facebook is ‘killing privacy for commercial gain ( http://www.theregister.co.uk/2010/10/12/schneier_rsa_keynote_facebook/ )
    Period. I am stunned to meet such propaganda for such an insane fact.

  5. deaa said on October 13, 2010 at 12:42 pm
    Reply

    thank for u

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.