Facebook Introduces One-time Passwords To discourage Keyloggers

First a little about Keylogging or keyloggers,

Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a secret manner so that the person using the keyboard is unaware that their actions are being monitored. Key logging can be effected through numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis (sound analysis).

Keylogging is primarily used to steal passwords—belonging to anything-- email, social network, online bank account, credit cards etc.

The risk of key loggers increases when someone logs in to their accounts using compromised or public computers in places like hotels, cafes or airport.

Most people are aware of such a risk, hence they try to avoid public computers to access their important accounts. But with the surge in the mobile devices using public wi-fi networks; exercising caution is not possible all the time.

Facebook seems to have recognized this issue.

There's now a way to get into Facebook, without entering your regular Facebook password. Called a temporary password, Facebook announced the new service a few hours ago.

The new service comes as a assistance to those users who have any concerns about security of the computer they're using while accessing Facebook. To help them get rid of such worries, Facebook can text them a one-time password to use instead of your regular password.

To use it, users must list their mobile phone numbers with their Facebook accounts. They can then text the letters "otp" to the number 32665 from their phones. Facebook sends back a temporary password(can be used one time only) that is good for 20 minutes.

The service is being rolled out gradually to Facebook users and will be available worldwide in the next few weeks.

Don’t confuse it with Forgot Password service:

What do we do when we forget the password of any online account? We click on the Forgot password link, below the login window. We are asked to enter the email address we submitted for that account. And the online account mails the new password to our mailbox.

Now, this new password is not temporary in real sense; although it is handed over to us, when we forgot our real one. As though constituting of alpha numeric characters (hard to remember), if a user doesn’t bother to change this password after successfully logging in; he/she can use this alpha numeric password as long as he or she intends. 

In addition, as Facebook’s temporary password service is for security and privacy, unlike the Forgot Password service, the new password will be delivered on the Facebook user’s mobile phone. In this arrangement, its is like Google account recovery service, that helps users unlock their locked accounts. --------

No comments