Facebook Tightens Security with One-Time Passwords

By its nature as a social network, Facebook is a gold mine for cyber criminals. Recognizing the threat of account hijacking and compromise, Facebook has implemented new security features to protect Facebook accounts, including a one-time password delivered via mobile phone text message.

Compromising a Facebook account exposes a variety of personal information about the legitimate account holder that can be used for identity theft, or might help deduce passwords and other details enabling the attacker to hijack other accounts.

A security control like this one-time password changes that. Relying on physical possession of the designated mobile phone is a security control that can't be simply guessed or cracked. With a lifespan of only 20 minutes, the one-time password reduces the window of opportunity for stealing the password and compromising the Facebook account to almost nothing.

Keep in mind, though, that the one-time password can also have the opposite of the desired effect. If the designated mobile phone is lost or stolen, its "new owner" can probably deduce enough personal information to determine if the legitimate owner has a Facebook account--especially if it's an iPhone or other smartphone and it has a Facebook app. With mobile phone in hand, there is no reason the attacker can't simply text "otp" to 32665 and get one-time access to the account as well.
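
To make the two properties the article relies on concrete (a code that is only valid for a short window, and only valid once), here is an added example of the server-side half of a text-message one-time password scheme. It is illustrative code written for this page, not Facebook's implementation, and everything in it is an assumption: the 8-digit code length, the 3-attempt limit, the in-memory store and the hypothetical `OtpService` class. The 20-minute lifetime is the one value taken from the article. Only the code's hash is stored, so a leaked store does not reveal live codes, and the comparison is constant-time. Note what the example does not do: it cannot tell whether the phone that receives the text is in the legitimate owner's hand, which is exactly the lost-or-stolen-phone limitation described above.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

OTP_LIFETIME_SECONDS = 20 * 60   # 20-minute lifespan, as described in the article
OTP_DIGITS = 8                   # assumed code length (not from the article)
MAX_ATTEMPTS = 3                 # assumed guess limit per issued code


@dataclass
class PendingOtp:
    digest: bytes        # SHA-256 of account + code; the plain code is never stored
    expires_at: float    # absolute time after which the code is dead
    attempts_left: int   # wrong guesses allowed before the code is discarded


class OtpService:
    """Hypothetical issuer/verifier for SMS one-time passwords (added example)."""

    def __init__(self, clock: Callable[[], float] = time.time,
                 max_attempts: int = MAX_ATTEMPTS):
        self._clock = clock            # injectable so expiry can be tested offline
        self._max_attempts = max_attempts
        self._pending: Dict[str, PendingOtp] = {}   # account id -> pending code

    @staticmethod
    def _digest(account: str, code: str) -> bytes:
        # Bind the hash to the account so a code issued for one user
        # cannot be replayed against another.
        return hashlib.sha256(f"{account}:{code}".encode()).digest()

    def issue(self, account: str) -> str:
        """Create a fresh code for the account; the caller sends it by SMS."""
        code = str(secrets.randbelow(10 ** OTP_DIGITS)).zfill(OTP_DIGITS)
        self._pending[account] = PendingOtp(
            digest=self._digest(account, code),
            expires_at=self._clock() + OTP_LIFETIME_SECONDS,
            attempts_left=self._max_attempts,
        )
        return code   # only returned here for delivery; never logged in practice

    def verify(self, account: str, code: str) -> bool:
        """Accept the code at most once, and only inside its lifetime."""
        entry: Optional[PendingOtp] = self._pending.get(account)
        if entry is None:
            return False                       # nothing outstanding for this account
        if self._clock() >= entry.expires_at:
            del self._pending[account]         # expired: discard, force re-issue
            return False
        entry.attempts_left -= 1
        ok = hmac.compare_digest(entry.digest, self._digest(account, code))
        if ok or entry.attempts_left <= 0:
            del self._pending[account]         # single use, or too many bad guesses
        return ok


if __name__ == "__main__":
    svc = OtpService()
    otp = svc.issue("demo-user")               # constructed account id
    print("first use accepted:", svc.verify("demo-user", otp))
    print("replay accepted:", svc.verify("demo-user", otp))
```

The injectable clock lets the expiry rule be exercised without waiting 20 minutes, and the attempt counter keeps an 8-digit code from being brute-forced through the verify endpoint during its lifetime.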
The one-time password from Facebook is the latest security control, but not the first, to capitalize on text messaging and the mobile phone.

Businesses that use Facebook should put these controls to use to monitor and protect the integrity of the account, and guard against data leakage and reputation damage that might result from a Facebook account compromise.