Facebook Improves Security: One-Time Login and Remote Logout
So-called one-time logins, single-use codes or temporary passwords seem to be one of the latest trends in web security.
Hotmail has been offering its single-use codes feature for some time now. Users can request a one-time password on the Hotmail login page, receive it as a message on the mobile phone that is linked to the account, and sign in using the code instead of their password.
Facebook yesterday introduced a similar feature that they call one-time passwords. But instead of having to visit the Facebook page to request the one-time password, Facebook users need to send the text "otp" to 32665 from their mobile phone. They then receive a password that they can use to log in to Facebook. The password is only valid for one login, and will expire automatically after 20 minutes.
According to the announcement post, this feature is being rolled out gradually. We are not sure at this point if this will be a US-only feature for now, or if this option is available globally.
There is also no information on the costs of sending and receiving the one-time password to log in.
The second improvement has been available to some users for some time already but is now available to all Facebook users. All Facebook users have the option now to see all active Facebook sessions, with the ability to end remote sessions.
This can be helpful in numerous situations. Maybe you have logged into Facebook in the library to check your account and forgot to log out. With account activity it is now possible to log out so that no one else can access the data in the account.
But this is also helpful if someone else managed to get unauthorized access to the account. The first step would be to log them out, and then change the password to protect the account and prevent this from happening again. Then again, they may do the same, so you had better hurry and know what you are doing.
In addition to that, Facebook will from now on display prompts after login that ask users to check and edit security information. Recently we have been asked to name the computer that we were working on, for instance.
The blog post on Facebook does not address some questions that users may have, for instance if the one-time password option is available internationally, how much users will be charged for the request or when it is available to them.
Facebook users do need to make sure that they have the mobile phone number linked to their account before they can start requesting one-time passwords to log in.