Under fire for its recent disregard for user privacy, Facebook has made amends by tightening security and has now introduced two new features to enhance secure accounts – one-time passwords and remote logout.
One-time password is meant for people who access Facebook through public places like cybercafes. This is significant in a country like India where there is low PC penetration leading to a great chunk of the users accessing Internet from Internet Cafes. Unfortunately, this feature is restricted to U.S. only, but it may be extended to India as well. This feature is accessed by sending an SMS to receive a temporary password that expires after twenty minutes. Remote logout lets you, well, remotely sign off your Facebooks session. It’s useful when you log in through a friend’s computer or phone, but forget to log off.
However, if experts from IT security firm Sophos are to be believed, Facebook’s one-time password still leaves users vulnerable to security risks. According to Graham Cluley, senior technology consultant at Sophos, “If you believe a computer might not be secure in the first place, why would you use it to access personal accounts such as Facebook? A temporary password may stop keylogging spyware, giving cybercriminals a permanent backdoor into your account, but it doesn’t stop malware from spying on your activities online, and seeing what’s happening on your screen.”
Makes perfect sense, because the first rule of security is to stay clear of any unnecessary scenario that compromises security. So there’s no real reason to log into Facebook from public computers. However, for those who have no choice – like the ones who don’t have a PC – it’s an added layer of security. Like they say, something’s better than nothing.
- Facebook phishing: Can you spot the difference? (blogoholic.in)
- Hypocritical Facebook scores PR own-goal with sleazy attack on Google privacy (blogoholic.in)
- Spam from your Facebook account? Malware attack poses as official warning (pratyushkp.wordpress.com)
- Hypocritical Facebook scores PR own-goal with sleazy attack on Google privacy (pratyushkp.wordpress.com)