Controversy over new Facebook security feature

The OTP system will allow Facebook users wishing to access their account in public spaces to request a temporary password by SMS message that will expire after 20 minutes. In a blog, Facebook claims that OTP will “make it safer to use public computers in places like hotels, cafes or airports.”

Sophos' Cluley, however, is skeptical: “ A temporary password may stop key-logging spyware giving cybercriminals a permanent backdoor into your account, but it doesn't stop malware from spying on your activities online and seeing what's happening on your screen. Furthermore, if you're anything like me, it's likely that you've mislaid your mobile phone from time to time. If someone else can gain access to your phone and send a text message, your Facebook account will be unlocked."

Additionally, Cluley is concerned that “there's a real danger that the one-time-password system will be viewed as a green light by Facebook users to access their accounts from unsafe PCs".


What’s hot on Infosecurity Magazine?