Facebook users skittish about using their real password on public computers can now get a one-time password sent to their mobile phones.
Facebook has added a one-time password feature as part of an effort to
address account security.
The social network site is gradually rolling out the ability to have
Facebook text a one-time password to users
concerned about working
on machines other than their normal computers, such
as public computers in hotels, cafes or airports.
"Simply text 'otp' to 32665 on your mobile phone, and you'll
immediately receive a password that can be used only once and expires in 20
, product manager for Facebook's integrity team. "In order
to access this feature, you'll need a mobile phone number in your account.
We're rolling this out gradually, and it should be available to everyone in the
According to a Facebook spokesperson, for a user to confirm a mobile phone
number added to their account belongs to him or her, the user would have to
enter a code back on Facebook that the site sends them via SMS. There is
currently no provision, however, to stop a person with someone else's
phone from intercepting the password if they can access the person's text
"Unfortunately we can't protect against all scenarios,"
the spokesperson said. "If someone else has your phone and wants to
do malicious things, there are a lot of different" things they can
Facebook is not the only site to go the SMS route for account security.
Microsoft recently did something
similar for Hotmail
to enable users to reset their account passwords
through their mobile phones.
In addition to the new password feature, Facebook also announced it has
finished rolling out the remote
to the site's 500 million users.
"These session controls can be useful if you log into Facebook from a
friend's phone or computer and then forget to sign out," Brill blogged. "From
your Account Settings, you can check if you're still logged in on other devices
and remotely log out. Under the Account Security section of your Account
Settings page you'll see all of your active sessions, along with information
about each session. In the unlikely event that someone accesses your account
without your permission, you can also shut down the unauthorized login before
resetting your password and taking other steps to secure your account and
In addition, Facebook said it will begin regularly prompting users to keep
their security information updated.
The latest security announcements follow another privacy flap last week that
occurred when Facebook announced
a new Groups feature
to allow users to create small groups of friends to
share information with. The Groups are set to "closed" by default,
meaning the names of members are visible to the public but content posted to
the group is not. Other settings include "secret," where the names and
content are hidden, and "open," where everything is visible.
Controversy broke out, however, due to Facebook's decision not to give users
the power to approve whether or not a friend adds them to a group. According to
Facebook's Help Center,
"you can only be added to a group by one of your friends. When a friend
adds you to a group, a story in the group (and in News Feed for Open or Closed
groups) will indicate that your friend has added you to a group."
Users can leave groups at any time, and if they choose to do so, they can't
be re-added by someone else unless they request it, Facebook added.