This article was sent to you by someone who found it on SFGate.
The original article can be found on SFGate.com here:
http://www.sfgate.com/cgi-bin/article.cgi?file=/g/a/2010/10/12/urnidgns852573C400693880002577BA006CF814.DTL
---------------------------------------------------------------------
Tuesday, October 12, 2010 (SF Gate)
To thwart keyloggers, Facebook introduces one-time passwords
Robert McMillan, IDG News Service\San Francisco Bureau<br /><a href="http://www.idg.com/www/rd.nsf/rd?readform&u=http://www.idg.com/idg_news_service" target="_blank" style="text-decoration:none"><img src="http://www.idg.com/images/syndication/idg_15.png" alt="" border="0" /></a>
(10-12) 13:51 PDT -- Worried about logging into Facebook from a strange
computer? There's now a way to get into the popular social network without
entering your regular Facebook password.
It's called a temporary password, and Facebook announced the new service
on Tuesday.
The idea is to make it "safer to use public computers in places like
hotels, cafes or airport," said Facebook Product Manager Jake Brill in a
blog post. "If you have any concerns about security of the computer you're
using while accessing Facebook, we can text you a one-time password to use
instead of your regular password."
The service is being rolled out gradually to Facebook users and will be
available worldwide in the next few weeks.
To use it, users must list their mobile phone numbers with their Facebook
accounts. They can then text the letters "otp" to the number 32665 from
their phones. Facebook sends back a temporary password that is good for 20
minutes.
The idea is to protect users in the event that a computer has been hacked
and someone has installed password-stealing keylogging software on it.
Instead of stealing a permanent password, the keylogger will record only a
temporary password that can't be used again.
Facebook has been playing a cat-and-mouse game with scammers over the past
few years as criminals find new ways to misuse the social network.
Last month Facebook introduced new ways for users to track which computers
have been used to log into their accounts and to remotely log out of
machines that shouldn't have access to them.
That feature was also rolled out gradually and is now available to all
users, Brill said.
To stay ahead of the scammers, Facebook plans to increasingly prompt users
to make sure that their contact information and security questions are up
to date. This is the kind of data that can be used to recover a Facebook
account if scammers manage to steal a user's password, so keeping this
security information updated will make it easier for legitimate users to
regain control of their accounts in case of a compromise.
Robert McMillan covers computer security and general technology breaking
news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan.
Robert's e-mail address is robert_mcmillan@idg.com
Copyright (c) 2010, IDG News Service. All rights reserved. IDG News
Service is a trademark of International Data Group, Inc. ----------------------------------------------------------------------
Copyright 2010 SF Gate
No comments:
Post a Comment