
Facebook Unveils One-Time Passwords Via SMS To Thwart Keyloggers

October 13, 2010

San Francisco — Users of the popular social networking website Facebook who are nervous about using their real password on public computers can now get a one-time password sent to their mobile phones. In an attempt to ward off keyloggers, Facebook on Tuesday unveiled a new security feature that will provide users with a temporary password for use on public computers.

The social network site is gradually rolling out the feature, which should be available to everyone in the next few weeks. With it, Facebook will text a one-time password to users apprehensive about working on machines other than their normal computers, such as public computers in hotels, cafés or airports.

Those signing into Facebook from a public place like a hotel or café can just text “otp” to 32665 from their mobile phone, and Facebook will then answer back with a password that can be used only once and expires in 20 minutes, blogged Jake Brill, product manager for Facebook’s integrity team. “In order to access this feature, users will need to add a mobile phone number in their account. We are rolling this out gradually, and it should be available to everyone in the coming weeks.”

The social-networking site also mentioned that its remote log-out feature has now been activated for all users. The option, first revealed in early September, allows you to log out of other sessions — on a friend’s computer or the library, for example — remotely by clicking the “end activity” button under the “Account Security” section of your account.

According to a Facebook spokesperson, to confirm that a mobile phone number added to an account belongs to the user, the user has to enter on Facebook a code that the site sends them via SMS. The idea is to protect users in the event that a computer has been hacked and someone has installed password-stealing keylogging software on it. Instead of stealing a permanent password, the keylogger will record only a temporary password that cannot be used again.
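Why a keylogged temporary password is useless afterwards, shown as an added example that is not Facebook's code: the server consumes the password on first successful use and rejects it after the 20-minute window. The class name, account name and in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 20 * 60  # the 20-minute expiry described in the article


class OneTimePasswordStore:
    """Hypothetical in-memory issuer/verifier (illustration only)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # account -> (SHA-256 digest of OTP, expiry time)

    def issue(self, account):
        """Create a fresh OTP, replacing any earlier unused one."""
        otp = secrets.token_urlsafe(6)  # 8 random URL-safe characters
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[account] = (digest, self._clock() + OTP_TTL_SECONDS)
        return otp  # assumed to be delivered by SMS to the confirmed number

    def verify(self, account, candidate):
        """Return True at most once per issued OTP, and only before expiry."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() >= expires_at:
            del self._pending[account]  # expired: discard without accepting
            return False
        supplied = hashlib.sha256(candidate.encode()).digest()
        if not hmac.compare_digest(digest, supplied):  # constant-time compare
            return False
        del self._pending[account]  # consume on first success
        return True


def keylogger_replay_demo():
    """Constructed scenario: a login, a replayed capture, an expired OTP."""
    now = [0.0]  # controllable clock so the demo runs instantly
    store = OneTimePasswordStore(clock=lambda: now[0])
    otp = store.issue("alice")
    first_login = store.verify("alice", otp)  # legitimate use on the kiosk
    replay = store.verify("alice", otp)       # keylogger replays the capture
    unused = store.issue("alice")
    now[0] += OTP_TTL_SECONDS                 # 20 minutes pass
    late = store.verify("alice", unused)      # never used, but expired
    return first_login, replay, late
```

A production verifier would also limit failed attempts per account, which this sketch leaves out.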

In fact, Facebook has been playing a cat-and-mouse game with scammers over the past few years as criminals find new ways to misuse the social network. However, currently there is no infallible option available to stop a person with someone else’s phone from intercepting the password if they can access the person’s text messages.

“Unfortunately we can not protect against all scenarios,” the spokesperson said. “If someone else has your phone and wants to do malicious things, there are a lot of different” things they can do.

Facebook is not the only site to adopt the SMS channel for account security. Microsoft recently did something similar for Hotmail to enable users to reset their account passwords through their mobile phones.

To stay ahead of the scammers, Facebook also promised to provide users with regular prompts to keep their contact information and security questions up to date.

“We are always working to make your online experience more secure, and we encourage you to try these new features for yourself to help protect your account,” Brill wrote in a blog post.

This is the sort of data that can be used to recover a Facebook account in case a scammer manages to pilfer a user’s password, so keeping this security information updated will make it easier for legitimate users to regain control of their accounts in case of a compromise.