Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook Adds Two-Factor Authentication

timothy posted more than 3 years ago | from the your-name-and-your-real-name dept.

Facebook 124

angry tapir writes "To help its hundreds of millions of users prevent unauthorized access to their accounts, Facebook has added an optional verification step to its log-in process. The new security feature, called Login Approvals, is a form of two-factor authentication."

Sorry! There are no comments related to the filter you selected.

Security? (4, Funny)

Anonymous Coward | more than 3 years ago | (#36116424)

That's like putting a steel door on a straw house...

Re:Security? (3, Insightful)

Hultis (1969080) | more than 3 years ago | (#36116476)

More like putting a steel door next to the regular one most people will still use.

Re:Security? (-1)

Anonymous Coward | more than 3 years ago | (#36116648)

facebook has had two-factor authentication since day one -- penis + vagina!!!

Re:Security? (1)

Anonymous Coward | more than 3 years ago | (#36116810)

No, not really. That's a terrible analogy. More like offering a choice of a steel or a regular door.
And people complaining about security - pah. It doesn't have to withstand assaults from highly skilled hackers, merely stop password guessing, etc. I have university students on my friends list who are regularly being 'facebook raped' and this, perhaps, would stop some that.

Re:Security? (1)

tripleevenfall (1990004) | more than 3 years ago | (#36117614)

The forest-for-the-trees here is - what's the point of having extra login security for a website that has a business model that hinges on compiling and storing your personal information to sell to advertisers?

Re:Security? (1)

NevarMore (248971) | more than 3 years ago | (#36117638)

It gets them your phone number.

Re:Security? (1)

Dunbal (464142) | more than 3 years ago | (#36117524)

It's like putting TSA employees in front of a gate.

Re:Security? (1)

molnarcs (675885) | more than 3 years ago | (#36118030)

That's like putting a steel door on a straw house...

That's not Funny (mods!) that's accurate. You set all your privacy settings to friends only. You refuse all app invitations by default. And yet, your email address and every detail you publish will be handled to spammers on a silver platter by a single person who clicked on the "who viewed your profile" scam. Facebook is becoming MySpace - a platform for spammers, scammers and virus writers, not to mention Facebook's shady partners (Zynga & Co). I quit - I still have my profile, but left a message, a note and a short blurb on my profile info with links to my blog where I explain in detail why I left and encouraging others to do so. The final straw was when a lady accused me publicly (ie on my wall) of stalking her. Had no idea who she was actually (I probably knew her - friend of a friend of a friend or sth, I never accepted friend requests from complete strangers) - probably my name was chosen randomly from her contact list when accepting one of the "who viewed your profile" invitations. I think Facebook is past its peak - it was ok and useful, but now it's more trouble than it's worth. And we do have plenty of alternatives for keeping in touch.

Re:Security? (0)

Anonymous Coward | more than 3 years ago | (#36118240)

And this "steel door" is already rotten !

SMS sniffing happens in the wild.

Also, this is just a normal evolution to connect two databases (the Tel number reveal the position log of an individual)

Harvesting (2, Interesting)

tpotus (1856224) | more than 3 years ago | (#36116428)

As someone pointed out in the article comments; This enforces fb's agenda to have its users submit as much personal info as possible to them.

Protect your MafiaFarmPetVilleWars! (3, Insightful)

L4t3r4lu5 (1216702) | more than 3 years ago | (#36116432)

Give us your telephone number.

This isn't creepy at all.

Re:Protect your MafiaFarmPetVilleWars! (0)

Anonymous Coward | more than 3 years ago | (#36116452)

And now they are going to point fingers at Google and say they did it first.

Re:Protect your MafiaFarmPetVilleWars! (3, Informative)

dragonhunter21 (1815102) | more than 3 years ago | (#36116542)

Actually Google's uses a special app, Google Authenticator. No phone number required.

Re:Protect your MafiaFarmPetVilleWars! (2)

ThunderBird89 (1293256) | more than 3 years ago | (#36117134)

Only if you have an Android phone. Otherwise, and even if you do, you can opt for/have to use text messages, an automated phone call, or a OTP you printed earlier.

Re:Protect your MafiaFarmPetVilleWars! (2)

dragonhunter21 (1815102) | more than 3 years ago | (#36117230)

Actually, it appears that there's not only an iPhone app, but a Blackberry app, too.

Still, I don't think I'll be taking advantage of Facebook's offer, here. Don't like the idea of Facebook having my phone number. Judging by the other comments, I can see I'm not alone.

thank you (google voice | text+ | your virtual #) (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36116488)

This is where services like text+ shine: get an SMS throw away number and those future call center initiated contacts will get spam filtered.

Re: thank you (google voice | text+ | your virtual (1)

Edzilla2000 (1261030) | more than 3 years ago | (#36117068)

Except in this case the number needs to stay valid, otherwise you can't receive a text later on if you want to log in to facebook elsewhere.

Re:Protect your MafiaFarmPetVilleWars! (1)

_0xd0ad (1974778) | more than 3 years ago | (#36117754)

Implying they don't probably already have it. It's not like this is new. You've been able to link your Facebook account to your SMS number for a long time... you can get a text message whenever someone sends you a message or posts on your wall.

Hell, Slashdot does it too. Enter your mobile number in the user prefs [slashdot.org] and then there are a number of site messages [slashdot.org] that can be set to notify you via Mobile Text.

Re:Protect your MafiaFarmPetVilleWars! (-1)

Anonymous Coward | more than 3 years ago | (#36118056)

Yeah, it's totally crazy that a web site, devoted to "social networking" would ask for your phone number, the sole purpose of which is.. communication with other people.

Totally creepy and bizarre. What's next, our doctors will ask for a blood sample during a routine physical?! The thought makes my skin crawl!

Facebook has my cell phone number already. I posted it there so my friends can find it if they need it. I have received exactly zero obscene phone calls on that number since I shared it with Facebook. What the fuck are you so worried about, that the Zuck is going to call you up and ask if he can come over to shave your balls, maybe give you a deep rimming after prancing around in ladies' underwear for you?

Stop being such an alarmist twat.

FaceBook adds Two Factor Authentication (1)

Anonymous Coward | more than 3 years ago | (#36116482)

"Because if they steal your private data, we can't sell it to them!"

Re:FaceBook adds Two Factor Authentication (5, Insightful)

curtisk (191737) | more than 3 years ago | (#36116512)

"Because if they steal your private data, we can't sell it to them!"

Thats so sadly funny... Facebook isn't even the least bit shy anymore, "just give us you cell/mobile number, its for safety!" I wonder what new data correlations and connections they can now make with that extra tidbit of data in that database version of you(in the database version of the world)

Two Factor Authentication == Phone Authentication (1)

Requiem18th (742389) | more than 3 years ago | (#36117438)

Have you noticed how every news we get about "Two Factor Authentication" ALWAYS means "Mobile Phone Authentication"?

I don't know if you read TFA, I did so just to confirm it but could see it coming from miles away. It has come to be that you don't really have to ask what kind of "Two Factor Authentication" they are scheming because it always always always means "Mobile Phone Authentication"

Re:Two Factor Authentication == Phone Authenticati (1)

rjstanford (69735) | more than 3 years ago | (#36117658)

Its because most people already have a mobile phone, and thus they can offer this for free. They already have email verification though the "I forgot my password" process, so that wouldn't be newsworthy. What's the alternative, sending everyone a SecureID card? Should every website make you carry a keyfob to use it?

Re:Two Factor Authentication == Phone Authenticati (1)

Richy_T (111409) | more than 3 years ago | (#36117934)

If openid were adopted more widely, you'd only need the one keyfob (or not at all depending on your provider)

Though as it looks like facebook is likely to fill the niche that openid was intended for if things continue as they are, if facebook did this, that may be sufficient.

Re:Two Factor Authentication == Phone Authenticati (0)

Anonymous Coward | more than 3 years ago | (#36117784)

And years ago have you ever noticed how "Two Factor Authentication" ALWAYS meant "token generator keyfob"? What's your point?

Re:Two Factor Authentication == Phone Authenticati (0)

Anonymous Coward | more than 3 years ago | (#36118116)

Not always. http://tiqr.org/ [tiqr.org] sounds interesting (droid and iDevice only atm)

Re:FaceBook adds Two Factor Authentication (1)

pmontra (738736) | more than 3 years ago | (#36116920)

That line seems to be very common today [slashdot.org] .

Let me guess... (4, Funny)

msauve (701917) | more than 3 years ago | (#36116500)

This is Facebook, so the two factors are username and password.

Re:Let me guess... (1)

Seumas (6865) | more than 3 years ago | (#36116504)

I can't believe I just laughed at that. God damn it.

Re:Let me guess... (0)

Anonymous Coward | more than 3 years ago | (#36116740)

It's okay to have a covert chuckle every so often.

Re:Let me guess... (3, Funny)

rsmith-mac (639075) | more than 3 years ago | (#36116508)

Passwords are too hard to remember, particularly for the hardcore Facebook addicts. Instead it will be your username and your mother's name, that way you can quickly look it up on your friends list should you forget it.

Re:Let me guess... (1)

syousef (465911) | more than 3 years ago | (#36116604)

This is Facebook, so the two factors are username and password.

No they are password and captcha made of farmville goat.cx

Re:Let me guess... (3, Funny)

Anonymous Coward | more than 3 years ago | (#36116606)

With every app and advertising maker having full access anyway, I think this [wordpress.com] is what I think they have in mind. Now with TWO locks!

Re:Let me guess... (0)

Sulphur (1548251) | more than 3 years ago | (#36116842)

This is Facebook, so the two factors are username and password.

The two factors are zero and one.

Re:Let me guess... (0)

Anonymous Coward | more than 3 years ago | (#36116984)

This is Facebook, so the two factors are username and password.

No way I would trust Facebook with my username and password.

Re:Let me guess... (1)

pnutjam (523990) | more than 3 years ago | (#36117526)

I assume you are joking, but I have reused website passwords in the past. I refuse to do this for facebook. I don't trust them. I certainly won't give them my cell number. This is also useless for people who browse facebook primarily on their phone. It either won't be supported by their facebook app, or someone who steals (or borrows) their phone could still get access.

Re:Let me guess... (0)

Anonymous Coward | more than 3 years ago | (#36117258)

The two numbers are 1 and 1.

Re:Let me guess... (1)

Bing Tsher E (943915) | more than 3 years ago | (#36117370)

Based on my experience with Facebook, the two factors are a browser cookie and a mouse click.

Details needed (1)

codeButcher (223668) | more than 3 years ago | (#36116514)

To help its hundreds of millions of users prevent unauthorized access to their accounts

Is access by FB employees and TLA agents a form of authorized access or unauthorized?

Re:Details needed (1)

Hultis (1969080) | more than 3 years ago | (#36116538)

It's most certainly authorized by the government and FB.

I wonder if that's available in the UK (1)

Chrisq (894406) | more than 3 years ago | (#36116554)

I wonder if that's available in the UK. It would be nice to know that its costing them money every time you log in.

Re:I wonder if that's available in the UK (0)

Anonymous Coward | more than 3 years ago | (#36116832)

I'm off to write a script...

It's not two-factor authentication. (1)

Anonymous Coward | more than 3 years ago | (#36116582)

Asking two different passwords isn't considered "two-factor" authentication.

There are three factors:
1) What I know (passwords, pin)
2) What I have (tokens, smartcards)
3) What I am (retina scan, fingerprint)

For two-factor authentication you will need to have two of the three factors. Facebook uses a password and a code. It doesn't matter if they're different, it's still just one factor (what you know).

Re:It's not two-factor authentication. (2)

Hultis (1969080) | more than 3 years ago | (#36116608)

That code is sent to your phone though, which is something you have (and there's presumably a short time window to use that code) => two-factor authentication.

Re:It's not two-factor authentication. (0)

icebraining (1313345) | more than 3 years ago | (#36116656)

It sends the code to your phone, therefore it's "what I have". It's closer to a token than a password.

Better yet (1)

bipedalhominid (1828798) | more than 3 years ago | (#36116584)

Just give them your mother's maiden name and your SSN and get it over with. Might as well just have your paycheck auto-deposited into their accounts. That's what they really want. Please someone tell me this Facebook is a fad. Maybe between Facebook outright selling your privacy and the hackers stealing your identity the faceless masses of people using this thing will get burned enough to run off somewhere else. It's time to seriously setup the next Facebook for the sheeple, then get anonymous to attack the existing Facebook and steal everyone's info. Then when the sheeple respond with the inevitable knee-jerk reaction and leave Facebook, they'll only be looking for the next shiny/shiny to play with. So if you had FaceBook II setup and raring to go, instant net millionaires we will be. Who's with me? Any decent web coding monkeys out there?

Re:Better yet (0)

Anonymous Coward | more than 3 years ago | (#36116798)

Any decent web coding monkeys out there?

On /.? You must be new here.

Re:Better yet (1)

foniksonik (573572) | more than 3 years ago | (#36116830)

Web monkeys too busy writing FB Apps and getting paid.

Re:Better yet (1)

bipedalhominid (1828798) | more than 3 years ago | (#36117372)

I meant monkey in a good way. There are good monkeys, I swear.

What's the duration? (1)

Coisiche (2000870) | more than 3 years ago | (#36116586)

So... rather then provide a fob or phone app to provide a "one-time" number that constantly changes, they'll SMS it to your phone. Well, it's not exactly instant and depending on network load can take a while (ok the 4 hour delays at new year are a bit of an exception from the norm). It seems to me that the "one-time" number has to remain valid for quite a while and every second would increase the vulnerability.

Re:What's the duration? (1)

rjstanford (69735) | more than 3 years ago | (#36117690)

So... rather then provide a fob or phone app to provide a "one-time" number that constantly changes, they'll SMS it to your phone. Well, it's not exactly instant and depending on network load can take a while (ok the 4 hour delays at new year are a bit of an exception from the norm). It seems to me that the "one-time" number has to remain valid for quite a while and every second would increase the vulnerability.

Meh. Simply adding the requirement - even if the codes never expired - would decrease the ability of a "password guesser" to gain access by a factor of several thousand (probably much more). Expiring the codes after a day would be just fine. Worrying about being 1,000,000 times more secure vs. only 10,000 times more secure is a silly reason to not do it the simple way.

privacy (0)

Anonymous Coward | more than 3 years ago | (#36116590)

So now I have to trust them not to give out my phone number?

Re:privacy (1)

mr1911 (1942298) | more than 3 years ago | (#36117478)

That would be the naive way to do it.

You would be better off assuming they will sell your phone number.

Extra layer of security (5, Funny)

ray_mccrae (78654) | more than 3 years ago | (#36116610)

I heard that the two form authentication will involve both your password and verification that you've posted a derogatory story about Google to your blog.

Re:Extra layer of security (0)

Aladrin (926209) | more than 3 years ago | (#36116698)

Stupid mis-click. Posting to remove bad mod. :(

as if you guys dont know.... (1)

metalmaster (1005171) | more than 3 years ago | (#36116612)

Facebook already has millions of mobile numbers from its users. Just about everyone I know updates their facebook via sms or mobile app. In fact, the app on the HTC phone that my brother uses didnt even beat around the bush. When he connected the first time he created the account from his phone using what i suppose is his phone#@carrier address

WTF is the point? (4, Insightful)

geekmux (1040042) | more than 3 years ago | (#36116618)

"To help its hundreds of millions of users prevent unauthorized access to their accounts..."

Gee, that's nice Farcebook. Now, what exactly are you going to do about your privacy policies that change with the wind, forcing users to constantly monitor their settings to prevent "authorized" access?

Hard to feel safe in the car when you don't trust the driver no matter how many seat belts you have on.

Facebook adds mobile phone number capture (1)

crush (19364) | more than 3 years ago | (#36116662)

So Facebook gets to ask it's unsuspecting users for their mobile phone numbers in addition to the other data they now spew out into the eager hands of crackers and marketeers?

Sweet.

Re:Facebook adds mobile phone number capture (-1)

Anonymous Coward | more than 3 years ago | (#36116912)

FFS, learn where to use fucking apostrophes.

Facebook stupidity.. (2, Insightful)

Lumpy (12016) | more than 3 years ago | (#36116688)

"we will text your phone."

Because our admins are too stupid to remember that in the USA it costs money to receive text messages and not everyone is a tween that has unlimited texting on their phones K?

Re:Facebook stupidity.. (4, Insightful)

icebraining (1313345) | more than 3 years ago | (#36116728)

So would it be better for them not to implement it at all because you don't want to use it?

Lots of people 1) don't live in the US, and therefore doesn't pay for incoming SMS, 2) have SMS packages or 3) don't mind paying, since it's not for every login but only when a new device is used.

If you don't want to use it, nobody forces you to.

Re:Facebook stupidity.. (1)

Lumpy (12016) | more than 3 years ago | (#36117496)

Email is free to 99.997831% of the world. and "GASP" most smartphones have a data plan required but not the $30.00 a month TXT UR FRNDS plan. Plus email allows those that dont have a cellphone to do it as well.

It's called thinking a plan through so that the largest segment can access the feature.

Re:Facebook stupidity.. (3, Informative)

icebraining (1313345) | more than 3 years ago | (#36117644)

Largest segment? You do know that the vast majority of the world, including the US, still uses more feature phones than smartphones?

Not to mention that for most people if you know they're FB password you can probably access their email too; from password reuse to finding their secret answer (like your candidate for vicepresident), it's almost useless as a second authentication mechanism.

And you don't need a $30/month plan to receive one SMS a month, if that. How many times do you realistically use FB from a new device?

Re:Facebook stupidity.. (1)

icebraining (1313345) | more than 3 years ago | (#36117682)

And now I've noticed the "they're/their" error and I'm kicking myself.

Re:Facebook stupidity.. (1)

rjstanford (69735) | more than 3 years ago | (#36118274)

They already have email access. In fact, their FAQ states that if your phone is b0rked you can authorize a new computer through an email process.

Besides, if you're logging on to Facebook through a new computer, maybe you don't want to pull up your email on the same new computer? Not everyone has webmail, you know. Besides, that also removes one of the two factors - instead of a password and a device, you now need two passwords. Very different.

Re:Facebook stupidity.. (0)

Anonymous Coward | more than 3 years ago | (#36118624)

T-mobile and Sprint include unlimited text messaging with their data plans. If you aren't on those carriers, and in the US, you could use Google Voice. They can text your google voice number, which will be delivered over data, and not billed as a text message. How do I know this? I have used google voice to text people from an airplanes WiFi. If it works over Wifi, then obviously you can't be billed for it.

Re:Facebook stupidity.. (0)

Anonymous Coward | more than 3 years ago | (#36118264)

So would it be better for them not to implement it at all because you don't want to use it?

Straw man. They could just as easily have been implemented, say, a VeriSign key fob regime, like eBay/PayPal have been doing for years. But you can't send spam to a key fob.

Re:Facebook stupidity.. (5, Insightful)

ledow (319597) | more than 3 years ago | (#36116770)

I have to say - paying to receive SMS is possibly the most stupid thing I've ever heard anyone agree to. It was back when mobile phones first came out and still is now.

The problem is not Facebook there - the problem is people who tolerate a stupid system where you can end up paying for something you never asked for.

Re:Facebook stupidity.. (3, Insightful)

Chemisor (97276) | more than 3 years ago | (#36117160)

Ok, wise guy; what are we supposed to do about it? There are only four carriers in the US, and they all charge for receiving text messages. Obviously, you only have two options: either not own a cellphone, or to start your own carrier. Not owning a cellphone does not hurt the carrier, since they have plenty of other customers who don't mind paying for text messages, or just can't live without a cellphone. No carrier will miss you. They will, in fact, want you to leave, since you are a cheapskate who does not make them money by signing up for an expensive monthly contract. Heck, you probably use prepaid, which is not making them any money at all! Your other option of starting your own carrier is not viable due to lack of capital. You'll need to build a few million cell towers, since if you just rent from the existing carriers you'll have to conform to their pricing plans or lose money. Who will lend you the money? Nobody. So, as you can see, we're all pretty much screwed and can do nothing about it.

Re:Facebook stupidity.. (2, Interesting)

Anonymous Coward | more than 3 years ago | (#36117298)

I e-mailed Sprint and told them I didn't want to pay for texts, since I only receive a few a month. To summarize, they replied "No problem, we'll put you down for 200 free texts a month. Is that all you need, or can we help you with something else?". I was shocked, but service like that will retain me as a customer. I went so far as to write a response to commend them for it.
 
But I guess your way works too: do nothing. Can't be disappointed if you never try, right?

Re:Facebook stupidity.. (2)

mikestew (1483105) | more than 3 years ago | (#36117428)

Ok, wise guy; what are we supposed to do about it?

Google Voice, as one option, and I'm pretty sure there are others. From my POV, paying for texting is like getting your TV from a company that wants $80/month: quaint, but unnecessary.

Re:Facebook stupidity.. (1)

N1AK (864906) | more than 3 years ago | (#36117222)

It makes perfect sense, if users are given the some control over which SMS are charged. You 'pay' for receiving an email (although most people do so via the effectively unlimited bandwidth they have pre-purchased). Not paying for incoming phone and text communications is why we haven't got services like google voice in the UK. It also means that their is no motivation for mobile operators to decrease the sms delivery charge because their customer isn't paying for it anyway

Why no email option? (2)

anti-pop-frustration (814358) | more than 3 years ago | (#36116778)

This sounds like a ploy to harvest phone numbers from well meaning (if ill informed) users who care about security and who previously hadn't surrendered their phone number to facebook.

Is there a valid reason for not offering the same service via email? Using, you know, the email address that facebook already has on record.

Re:Why no email option? (0)

ark1 (873448) | more than 3 years ago | (#36117016)

I guess the idea is that if you do not want to login to your fb account from an untrusted computer, you wont be inclined to logging into your email account from this same machine.

Re:Why no email option? (1)

Bing Tsher E (943915) | more than 3 years ago | (#36117404)

In that case, why would you want to be logged in from said untrusted computer in the first place?

Ah, the illusion (1)

Haedrian (1676506) | more than 3 years ago | (#36116790)

Yeah, we have two factor authentication. Don't worry, your account is safe. Nobody can access it except you, and us, and some of it from out advertisers, but nothing to worry about. Now give us more information we can sell.

Love

Facebook.

lol (2)

Charliemopps (1157495) | more than 3 years ago | (#36116824)

This will only insure that the data they collect on you is actually from you... there-by making it more valuable to the tens of thousands of businesses they then turn around and sell the information to.

they immediately publish your cell # (3, Informative)

Loco3KGT (141999) | more than 3 years ago | (#36116846)

Worth noting - when you supply a phone number (btw, my Google Voice number didn't work at all for this.. had to use my actual mobile #).. they immediately publish it on your profile.

Thanks Facebook! (i immediately removed it and disabled the feature)

Re:they immediately publish your cell # (1)

ftobin (48814) | more than 3 years ago | (#36117356)

btw, my Google Voice number didn't work at all for this.. had to use my actual mobile #)..

Google voice doesn't work because it doesn't have an SMS gateway. Since I have the same problem, I emailed Facebook and suggested that they consider supporting sending one-time-passwords via email instead of only by SMS. It's almost as secure as receiving an SMS, especially if your email account also has 2-factor security, and doesn't cost a dime.

It's obvious (0)

rpopescu (1563191) | more than 3 years ago | (#36116860)

that this is about getting the phone numbers - another way to access users and feed them delicious Facebook and approved 3rd party apps goodness, I'm sure.

is it only me? (0)

Anonymous Coward | more than 3 years ago | (#36116868)

Is it only me ..... facebook is trying to harvest personal phone number?

Simpsons memory (1)

w_dragon (1802458) | more than 3 years ago | (#36116996)

Kind of feels like that a scene in The Simpsons where Burns and Smithers walk through several layers of heavy security with lots of big heavy doors, only to end up in a little shed with an open door and a broken window. As long as I can click on a link and give an app the ability to write on my wall as me, with no explicit permissions to do so, I don't think extra password security is all that meaningful.

Re:Simpsons memory (1)

camperdave (969942) | more than 3 years ago | (#36117292)

As long as I can click on a link and give an app the ability to write on my wall as me, with no explicit permissions to do so, I don't think extra password security is all that meaningful.

You clicked. What further permission do they need?

Re:Simpsons memory (1)

w_dragon (1802458) | more than 3 years ago | (#36117836)

Clicking a random link while logged into facebook is not permission to post something on my wall as me. Well, right now it is, but it shouldn't be.

AdBlock Plus (1)

_0xd0ad (1974778) | more than 3 years ago | (#36118538)

||facebook.com^$third-party,domain=~fbcdn.net,domain=~facebook.com
||facebook.net^$third-party,domain=~facebook.com,domain=~fbcdn.net
||fbcdn.net^$third-party,domain=~facebook.com,domain=~facebook.net

Re:Simpsons memory (1)

rjstanford (69735) | more than 3 years ago | (#36118328)

In all fairness, you clicked on a link which caused a big popup window to appear stating, "{APPNAME} wants to learn about all your stuff, and your friends, and write on your wall, before showing you what kind of beaver mustache you are. Mmmmkay?" to which you had to very explicitly say "APPROVE!!!" Its not like they're making it a big secret. How would you handle it, exactly?

Authority (1)

Wowsers (1151731) | more than 3 years ago | (#36117476)

Two factor login?

Q1: We will trawl your personal data to sell to advertisers, log in here...

Q2: Are you sure you want your details to be sold to advertisers? Log in here...

what if you never log out? (1)

SpinningCone (1278698) | more than 3 years ago | (#36117542)

2 factor is useless if you never log the hell out of facebook. I just want my flippin session to timeout after 30 min >_>

Re:what if you never log out? (0)

Anonymous Coward | more than 3 years ago | (#36118070)

Would have been useful to those who have been hacked because:

  1) they were tricked into giving up their password to a rogue website that pretends to be facebook

  2) they did log out, but someone after them knew their password to get back in (via keylogger or video)

Re:what if you never log out? (1)

_0xd0ad (1974778) | more than 3 years ago | (#36118488)

Why? You leave your computer unattended and unlocked where other people might be able to use it?

Texting? (1)

OhHellWithIt (756826) | more than 3 years ago | (#36117628)

That's no good for those of us who don't have texting service on our phones. Who needs texting with a data plan (and IM readily available)?

Something fishy here (1)

Anonymous Coward | more than 3 years ago | (#36117696)

From the article:

Even interns like myself are tasked with big projects to help improve account security. Instead of working on mundane tasks and simple problems, interns are given high-impact assignments that reach out to hundreds of millions users every time they use Facebook.

They tasked an INTERN with security?!?

Brilliant move to further ruin your privacy.. (1)

cheros (223479) | more than 3 years ago | (#36117706)

The covert threat is: you either submit your mobile phone number or we will not protect you anymore.

I keep the details I hand to FB to an absolute minimum, and my phone numebr is certainly not going to be added. The problem I see is that I have no way to disable SMS spam, so once FB decided to resell data again I might as well get a new number (with all the associated costs).

It would be smarter if they finally implemented OpenID support, because you can then simply choose the service that you deem safest. But hey, that would not supply even more private data, would it?

Nice try FB, but ab-so-lu-te-ly no way. I wonder how many idiots will fall for this..

I'd Rather Google (1)

dmexs (2075660) | more than 3 years ago | (#36117730)

I'd rather they allow authentication via google ID, so I can use google's more versatile two-factor auth.

Phone number harvesting (0)

Anonymous Coward | more than 3 years ago | (#36117732)

Great way to encourage people to link their phone numbers with their accounts.

FFS (1)

t-twisted (937590) | more than 3 years ago | (#36117780)

facebook.com still points to http://www.facebook.com/ [facebook.com] by default, I'll wait for the headline when THAT changes.

Is this scenario 2 factor authentication? (0)

Anonymous Coward | more than 3 years ago | (#36118482)

At work, we have a server that has sensitive information on it and is only accessible to 2 people. The only service it runs is ssh. The server can be accessed from the outside, but it only whitelists a few ip address, and every other ip address is denied. Only a few people are given access to the server, and password authentication is not allowed, but rather they must use public key authenication. The 2 system admins keep the private keys themselves, and private keys are protected with a strong password. Is this 2-factor authenication, because it's something you have (private-key), and something you are (a certain ip address)? Isn't it technically 3-factor authenication because you also have to have a password to unlock the private key (something you know) ?

weeding out duplicates (0)

Anonymous Coward | more than 3 years ago | (#36118546)

It's easy to get different email addresses, but difficult to get multiple phone numbers. Maybe this is to address advertisers concerns that their user base isn't as big as they claim.

Interns? (0)

Anonymous Coward | more than 3 years ago | (#36118618)

Even interns like myself are tasked with big projects to help improve account security. Instead of working on mundane tasks and simple problems, interns are given high-impact assignments that reach out to hundreds of millions users every time they use Facebook.

No offence, but I don't like the idea of Facebook interns working on security features when the core developers themselves can't seem to do it right.

Screw Failbook (1)

kheldan (1460303) | more than 3 years ago | (#36118734)

They can go to hell. I don't want them having my phone number. Fail, fail, fail.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?