Facebook tries single-use passwords to boost security
Facebook has unveiled a one-time password system for anyone wary of the computer they’re using to sign into the site.
The social networking giant said the system would make it safer to log on via a public computer – such as at an internet cafe – because the user wouldn’t have to enter their real password.
“If you have any concerns about security of the computer you’re using while accessing Facebook, we can text you a one-time password to use instead of your regular password,” said product manager Jake Brill in a post on the Facebook Blog.
“Simply text ‘otp’ to 32665 on your mobile phone, and you’ll immediately receive a password that can be used only once and expires in 20 minutes,” he said. “In order to access this feature, you’ll need a mobile phone number in your account.”
The feature should be available to everyone within a few weeks, Brill added.
The move wasn’t welcomed by security expert Graham Cluley at Sophos, however. “If you believe a computer might not be secure in the first place, why would you use it to access personal accounts such as Facebook?” he asked.
“A temporary password may stop keylogging spyware giving cybercriminals a permanent backdoor into your account, but it doesn’t stop malware from spying on your activities online and seeing what’s happening on your screen,” Cluley added.
“Instead, wait until you have access to a trusted PC, rather than risking sharing your personal information with unknown others,” he advised. “There’s a real danger that the one-time-password system will be viewed as a green light by Facebook users to access their accounts from unsafe PCs.”
The new password tool is the latest measure from Facebook as it tries to improve security on the site amid criticism it doesn’t do enough to protect its users.
Facebook also said that its remote logout tool, which lets users see if they’re still logged in anywhere, was now available to everyone. It can be accessed via Account Security in the Account Settings area on the site.