Facebook has introduced two new security features, what it hopes will make users feel more secure: Onetime Passwords, and Remote Logout. As always, through the many iterations of Facebook’s security features and policies, just how secure Facebook is depends a lot on just how secure the user makes it, quite consciously, as is the case here:
Onetime Passwords
If your mobile is associated with your account, you will be able to request a onetime password from Facebook that’s valid for twenty minutes, meant to be used at unsecure locations.
Facebook says: “Simply text “otp” to 32665 on your mobile phone (U.S. only), and you’ll immediately receive a password that can be used only once and expires in 20 minutes. In order to access this feature, you’ll need a mobile phone number in your account. We’re rolling this out gradually, and it should be available to everyone in the coming weeks.”
Remote Logout
As the name says, users will be able to remotely logout of their accounts, in case they logged in at other secure/unsecure locations, and forgot to logout.
[RELATED_ARTICLE]Both features require users to make an active effort to secure their accounts. Sophos Labs do point out that Onetime Passwords will still be vulnerable to malware, even if the random short lifespan password wards away from keylogging spyware.
Common sense as always prevails, making the above features redundant unless required in unavoidable circumstances. Sophos’ Graham Cluley warns:
“There’s a simple lesson that everyone needs to learn. Never visit websites like Facebook from computers that may not be running adequate anti-virus software or security patches. If you don’t trust the PC, don’t use it to access Facebook – even if you do have a temporary password,” continued Cluley. “Instead, wait until you have access to a trusted PC, rather than risking sharing your personal information with unknown others. There’s a real danger that the one-time-password system will be viewed as a green light by Facebook users to access their accounts from unsafe PCs.”