Facebook, the social networking giant with over 500 million members, has recently launched two new security options for its users, which besides favouring the security options also jeopardize a few.
Addition of optional one-time passwords (OTP) to Facebook accounts seems to be a smart move. For users who consider logging into their Facebook accounts in public places a risk, can now simply send a text to 32665 with “otp” in the message field and requests a one-time password. With this password they can access their account for the next 20 minutes. Facebook announced recently that it is rolling out this feature gradually and it should be available to everyone in the next few weeks. But what if you lose your phone, even for a brief period? Your account could be compromised easily.
Usually one-time passwords are supposed to strengthen the authentication process of a user not replace the original security option with an entirely new one. So this options dose not strengthen your authentication procedure or user`s security options, in fact it just helps you access your account at an unknown computer, which can put your entire account at risk if case you lose your mobile.
Second option that Facebook has come up with is remote log-out feature that has now been rolled out to all users. The option allows its users to log out of other sessions, opened at different times and at different places e.g. on a friend’s computer or the library etc, remotely by clicking the “end activity” button in the “Account Security” section of your account. But what if someone else takes control of our session before we get to log-out of it using this remote log-out option? Should it not get disconnected automatically after some short period of time?
From the outside, these security options apparently assure more secure social network for its users. But these loop-holes cannot be neglected either. What do you think?