Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook "Trusted Contacts" Lets You Pester Friends To Recover Account Access

samzenpus posted about a year ago | from the with-a-little-help-from-my-friends dept.

Facebook 114

alphadogg writes "Facebook Thursday said it's making available globally a feature called 'Trusted Contacts' that lets users select three to five friends who can help users recover account access such as if they forget their password. Facebook said the idea is that once these friends are identified as 'trusted contacts' through the user's security settings, Facebook will provide each of them with a special code. 'Enter the codes from [at least 3 of] your trusted contacts, and you'll be able to access your account,' Facebook says. 'After you set your trusted contacts, we'll notify them so that they can be ready to help you if you ever need it.'"

cancel ×

114 comments

Sorry! There are no comments related to the filter you selected.

Security (5, Interesting)

LordLucless (582312) | about a year ago | (#43618425)

That sounds like a really good idea; adding a human element to password recovery using already established trust relationships. Of course, slashdot wouldn't be slashdot if we didn't try and skew reader response by painting it as "pestering".

Re:Security (4, Insightful)

markus_baertschi (259069) | about a year ago | (#43618451)

I agree, I find this an excellent password recovery scheme. It does not protect against a bad choice in friends, but there are no technical protections possible against that. But for password recovery it is very good and quite safe against abuse by anonymous internet hackers.

Re:Security (3, Interesting)

Chrisq (894406) | about a year ago | (#43618479)

It does not protect against a bad choice in friends

I would imagine that Facebook account access is the least of your problems if you have a bad choice of friends.

Re:SSteps...ecurity (1)

djsmiley (752149) | about a year ago | (#43618655)

1. Hack account
2. Add your own friends
3. Set as trusted friends...
4. Success?

Re:SSteps...ecurity (1)

txibi (1691198) | about a year ago | (#43619039)

I don't get it... If I have already hacked the account why I need any of the other steps?

Re:SSteps...ecurity (1)

penix1 (722987) | about a year ago | (#43619421)

Because it prevents the original owner from regaining control.

Re:SSteps...ecurity (2)

Aaden42 (198257) | about a year ago | (#43620843)

Assuming they do in some fashion regain control of their account (and setting trusted friends doesn't prevent them from using some other password reset channel), they can simply un-trust your faux friends. Account security is restored. Granted there's a race condition if you can re-reset the password faster than they can un-trust you, but that seems like an *awful* lot of work to keep a Facebook account.

Re:SSteps...ecurity (1)

Alain Williams (2972) | about a year ago | (#43619883)

It is about the account owner forgetting his/her password.

Re: SSteps...ecurity (0)

Anonymous Coward | about a year ago | (#43620015)

4. Get busted because now they know who you really are,
(it's trivial for Graph to figure this out based on the friends you choose)
5. Jailtime?

Re: SSteps...ecurity (0)

Anonymous Coward | about a year ago | (#43621499)

My friends ex boyfriend did this last month to find where she was. He had previously setup several fake fb accounts and added them as friends, used them to reset her password, then used her messages to find where she was staying. I called the cops when he showed up at midnight yelling from the front yard and breaking our vehicles. Scary

Re:Security (0)

Anonymous Coward | about a year ago | (#43618663)

I agree, I find this an excellent password recovery scheme. It does not protect against a bad choice in friends, but there are no technical protections possible against that. But for password recovery it is very good and quite safe against abuse by anonymous internet hackers.

Yes of course it is, because after all, hackers always use the front door, politely knocking three times.

I don't care how much lipstick you want to slap on that pig when the best defense is to not own a pig at all.

Re:Security (1)

arth1 (260657) | about a year ago | (#43618799)

It does not protect against a bad choice in friends, but there are no technical protections possible against that

Sure there is. Ditch the "electronic friend" concept. It's as fake as "pages" on a web page. Real life doesn't translate into the bitworld, and trying to shoehorn the concepts in is just causing problems.
Trust is to be earned, not given away for a smiley.

Re:Security (0)

Anonymous Coward | about a year ago | (#43619085)

isn't that the point here? there are now so many connections between people on facebook that facebook can't tell which ones are genuine...they need a new system to determine who is close friends with whom...

Re:Security (1)

PopeRatzo (965947) | about a year ago | (#43619487)

there are now so many connections between people on facebook that facebook can't tell which ones are genuine...they need a new system to determine who is close friends with whom...

Now tell me why I would want Facebook to know who my close friends are.

Re:Security (2)

Thud457 (234763) | about a year ago | (#43619313)

OH YEAH, this is a BRILLIANT idea!
Let's just add in another handful of vectors for phishing attacks. With people with less familiarity to your personal information and less incentive to exercise diligence.
I see NO possible FLAW with that plan!&
</boggle-eyed Homer simpson over the top sarcasm>

Re:Security (0)

Anonymous Coward | about a year ago | (#43618483)

Not only a good idea, but it's a really elegant solution for social networks. Nice work, Facebook!

Re:Security (3, Informative)

arth1 (260657) | about a year ago | (#43618937)

Not only a good idea, but it's a really elegant solution for social networks. Nice work, Facebook!

Either you're trolling, or you really have a weird definition of "elegant". This is highly exploitable through social engineering, and also is a very inelegant solution for those who currently don't have three trusted online "friends", or those who no longer trust one, and have to give them the digital equivalent of a face slap by removing the assigned trust.

I think this is slightly more elegant:
Write your password on a piece of cardboard. Fold it, and put it in an envelope. Mail it to a relative, saying it's your password for [service], and not to be opened unless you ask or you're dead.
You don't need to hunt down three friends. You don't have to give facebook information about who you trust. And you're covered even if you die.

Re:Security (1)

Hotawa Hawk-eye (976755) | about a year ago | (#43619543)

Not only a good idea, but it's a really elegant solution for social networks. Nice work, Facebook!

Either you're trolling, or you really have a weird definition of "elegant". This is highly exploitable through social engineering, and also is a very inelegant solution for those who currently don't have three trusted online "friends", or those who no longer trust one, and have to give them the digital equivalent of a face slap by removing the assigned trust.

I think this is slightly more elegant:
Write your password on a piece of cardboard. Fold it, and put it in an envelope. Mail it to a relative, saying it's your password for [service], and not to be opened unless you ask or you're dead.
You don't need to hunt down three friends. You don't have to give facebook information about who you trust. And you're covered even if you die.

If you're worried about what happens in the event of your death, shouldn't you give that envelope to your lawyer instead, to hold as part of your will? Wouldn't that make it covered by attorney-client privilege and accessible only to you or those to whom you've given power of attorney (or the person you indicated in your will, after your death?) Sure, it's not quite as easy to access (you'd hopefully have to satisfy a high bar in terms of proving who you are to get access to it) and may not be worth it for your Facebook password, but may be for other passwords (bank account, investment account, etc.)

Re:Security (1)

netsharc (195805) | about a year ago | (#43620469)

It'd be more interesting to send parts of the password to different people. So for example 3 people out of a group of 7 would have to join their parts to get the whole password. Redundancies are there in case some of the people fall off the face of the planet. Ideally you'd find 7 people where no three of them would join up to conspire against you -- that is admittedly very hard.

I'm sure there's a mathematical function to split up a piece of information so that 3 out of 7 pieces is enough to restore it. How to do it is an exercise left for the reader.

Re:Security (1)

networkBoy (774728) | about a year ago | (#43620805)

There is a crypto system for that. Schneier explained it in Applied Crypto.

Basically the trick is that of 7 keyholders you need at least 5 (or some other number) that will all enter their key to sign or authenticate data. This can be extended to the signature applied to null (or any other chosen value) being used as the key for an encrypted volume.

It is the system we use at my work to sign software. There are M keyholders with a minimum number of N required to sign the software.

Re: Security (0)

Anonymous Coward | about a year ago | (#43620091)

Why would they open it if you're dead? Because you're so elegant

Re:Security (1)

knorthern knight (513660) | about a year ago | (#43620205)

> I think this is slightly more elegant:
> Write your password on a piece of cardboard. Fold it, and put it in an envelope. Mail
> it to a relative, saying it's your password for [service], and not to be opened unless
> you ask or you're dead. You don't need to hunt down three friends. You don't have
> to give facebook information about who you trust. And you're covered even if you die.

Wrong, wrong wrong.
1) Your relative may die, or lose contact with you

2) or the relationship may sour. And he's got your password(s). Dumb.

Use a safety-deposit box instead. You're not relying on a human being, which makes this better.

Re:Security (5, Insightful)

Anonymous Coward | about a year ago | (#43618519)

It's also excellent at providing Facebook data which of your friends are close friends. Very useful to charge advertisers more for fake likes from trusted friends who are more likely to have a bigger impact.

Re:Security (3, Insightful)

Isaac Remuant (1891806) | about a year ago | (#43618679)

There's already 5000 ways for them to discover what friends are more relevant to you, though.

They can analyze your interactions, your views of someones profiles/walls, your clicks on their shares, your groupings or other customized settings...

I don't think this is the sort of feature that will have so much adoption as to matter in that sense.

Re:Security (0)

Anonymous Coward | about a year ago | (#43618949)

There's already 5000 ways for them to discover what friends are more relevant to you, though.

They can analyze your interactions, your views of someones profiles/walls, your clicks on their shares, your groupings or other customized settings...

I don't think this is the sort of feature that will have so much adoption as to matter in that sense.

You don't think this sort of way will be, huh?

Care to comment on "way" #5000 then, or the 4,999 behind that one?

Not sure if it's simply pure ignorance or perhaps an exposure to Facebook radiation that has brought you to the conclusion that there will not be a 5,001, and 50,000 more ways after that.

Bottom line is there is always a reason a business engages in cost activity, and it's usually to recover that cost, and more. If they had a way to extract whom you truly trust within your "inner circle" of 472 friends you hardly ever see IRL, then they wouldn't be asking for it now.

Re:Security (1)

Isaac Remuant (1891806) | about a year ago | (#43619995)

I'm downplaying the effectiveness. I'm not saying FB is not out to get every last bit of info out there. If you're very privacy conscious, there's quite a number of things you should be looking out before this one.

Btw, Thanks for the free insult, it's always good to see ACs being tough guys.

Re:Security (2)

knorthern knight (513660) | about a year ago | (#43620273)

> I'm downplaying the effectiveness. I'm not saying FB is not out to get
> every last bit of info out there. If you're very privacy conscious, there's
> quite a number of things you should be looking out before this one.

If you're very privacy conscious... then you're not on Facebook in the first place.

Re:Security (3, Insightful)

daveewart (66895) | about a year ago | (#43618801)

Just because you trust someone to be _trustworthy_ doesn't mean that you trust their _opinions_. For example, I would trust some members of my family to not abuse having a house key, for example; wouldn't stop them from talking nonsense I don't agree with, though :-)

Re:Security (4, Interesting)

teslar (706653) | about a year ago | (#43618529)

I suppose the one worry is that if someone has the ability to impersonate your e-mail and has access to your friends list, he could then impersonate you and ask *all* your friends for codes. The attacker doesn't need to know who the trusted friends are since your circle of friends would not easily be able to detect that everyone's been contacted. The attacker may mine the publicly available info on the friends to personalise the message a bit, if not, keep it short and very simple. It's not like this request would come in a long personal message anyway. It IS likely that it will come by e-mail though since you'll already be at the computer, trusted friends may be around the globe and so on. In short, you need your friends to be capable of detecting an impersonation attempt, even if brief and potentially conveying a sense of urgency. Remember, your trusted friends may be the same people who click on links that appear to be from you *because* they trust you. So in summary, while I do think this is pretty neat, I also wonder if this is not rather vulnerable to social engineering (perhaps not so much among the /. crowd - but generally)?

Re:Security (2)

LordLucless (582312) | about a year ago | (#43618607)

Which is still a step above the current state of affairs. It relies on somebody being able to gain access to your email address; currently, if that happens, you're screwed anyway.

Re:Security (1)

Isaac Remuant (1891806) | about a year ago | (#43618687)

He said impersonate, not actually access. I'd imagine a decent email service would catch email spoofing though, and tricking 3 people without them getting in contact with the account holder doesn't seem likely either.

Re:Security (1)

LordLucless (582312) | about a year ago | (#43618711)

I guess, as long as your friends just send the reply email without noticing that it's addressed to someone else entirely.

Re:Security (1)

Culture20 (968837) | about a year ago | (#43618941)

I'm betting a From: "Lucless, Lord" <borris@mafia.ru> would fool more than half of your list, especially if your friends use a client that only shows the portion in quotes without any digging. That's still good odds even if they're focusing on one account.

Re:Security (1)

petermgreen (876956) | about a year ago | (#43618637)

Worse than that with the rate at which many people change email addresses you probablly don't even actually need access to the victims real email address, just an address that looks sufficiently plausible that the contacts think it's the victim.

If you are going to use this feature and want your account to remain secure you need to carefully instruct the friends on when they should and should not give out the code (preferablly in person only) and make sure that you can trust them to follow those instructions. Sadly I doubt that will happen in most cases.

Re:Security (1)

Joce640k (829181) | about a year ago | (#43618753)

I don't think 'pestering' people worries Facebook in the slightest.

OTOH this is several orders of magnitude better than "What's your favorite color?". I almost like it.

Re:Security (1)

nospam007 (722110) | about a year ago | (#43618843)

"OTOH this is several orders of magnitude better than "What's your favorite color?". I almost like it."

Nobody uses that anymore. It has been replaced by:
"What is the air speed velocity of an African Swallow?"
Ages ago.

Re:Security (1)

fearofcarpet (654438) | about a year ago | (#43618971)

But doesn't this approach just create another vector for social-engineering attacks? If any of my emails accounts are compromised, my phone is stolen, some malware gets a hold of my address book, etc., what stops a hacker from sending an email to everyone on my contact list asking for my secret Facebook codes? The chances are pretty high that the three extra-special friends on Facebook are also in your email/<insert social app> address lists.

TFA says “Choose people you can reach without using Facebook, ideally over the phone or in person, since you’ll need to contact them when you can’t log in.” I think the odds are pretty high that someone you know in person or whom you talk to over the phone would not hesitate to send you the code after getting an email from "you" that says "Hey, I got locked out of FB, can you send me your code? Thanks."

Re:Security (0)

Anonymous Coward | about a year ago | (#43619969)

adding a human element to password recovery

It's reasonable from the security perspective, but more importantly, it reduces Facebook's support costs, and probably will provide better outcomes for users than Facebooks' staff can provide. It passes the solves-multiple-problems test, but improving Facebook's profit margin is certainly why it's here.

Re:Security (1)

Luckyo (1726890) | about a year ago | (#43620245)

It appears to be like leaving your spare keys with a friend you trust that lives nearby. Makes sense.

Re:Security (0)

Anonymous Coward | about a year ago | (#43621631)

Ha! Sounds like distributed incompetence to me.

Does anybody care? (-1)

Anonymous Coward | about a year ago | (#43618427)

Seriously, who cares about FB? Does anyone still actually use it? (as opposed to being a dead account in their database)

Re:Does anybody care? (1)

Anonymous Coward | about a year ago | (#43618503)

I use Facebook quite actively, which means that I check my account perhaps 10-12 times per day. Why?
  1. It's an easy way to keep in touch with people I know, even though I don't know the email addresses or phone numbers of most of them. Actually, even when I do have their phone number or mail address: most people check their Facebook account more frequently than their mail account, and many even have access to Facebook from their cell phone. (The chat technology is actually just XMPP, so it isn't "evil" in any way either).
  2. It's where most people upload their photos. For instance, I was recently on a three-week interrail trip to Japan with three friends, and all of them uploaded their best images from the trip to Facebook. The same happens with family trips, special parties, etc.
  3. It's where half of my party invitations come in. If you're hosting a party with >20 people, it's simply easier to make a Facebook event, invite people, and see who says they're attending/maybe/not attending than actually calling/texting one and one person in order to invite them and check if they can make it.
  4. It's a decent way to procrastinate. People are always posting silly Youtube-videos, interesting articles, and whatnot, so if you're taking a 10 minute break from work, it's a decent way to relax.

I'm not trying to convince you to start using Facebook; I'm just saying that yes, some people on Slashdot use Facebook, and we have our reasons.

Re:Does anybody care? (3, Insightful)

Tridus (79566) | about a year ago | (#43618559)

Probably nobody does in that cave you're hiding in, but out here in the world? Yeah, there's a couple people still using it, give or take millions.

Re:Does anybody care? (1)

Mike Frett (2811077) | about a year ago | (#43618643)

I don't know about him, but I'm very happy in my Cave.

Re:Does anybody care? (0)

Anonymous Coward | about a year ago | (#43622223)

Facebook = "out there in the world"?

Get a life.

Re:Does anybody care? (3, Insightful)

Isaac Remuant (1891806) | about a year ago | (#43618657)

Yes. There is a real world outside of your room. People socialize. It might be hard to recognize it from the center of the universe you are in but it happens.

Re:Does anybody care? (2)

arth1 (260657) | about a year ago | (#43618853)

Yes. There is a real world outside of your room. People socialize.

Yes, there is a real world out there. As opposed to Facebook, which you mostly access from your room.

Yes, people socialize. Have meals together, go dance, study together, play and sing, and much more. But it happens in "the real world outside of your room".

Sure, you can use Facebook to facilitate much of that, but you can do that with a phone or a car or e-mail too. Yet that doesn't make people think that the phone or car or mail server is the venue.

Re:Does anybody care? (2)

Etcetera (14711) | about a year ago | (#43619625)

Yes. There is a real world outside of your room. People socialize.

Yes, there is a real world out there. As opposed to Facebook, which you mostly access from your room.

Yes, people socialize. Have meals together, go dance, study together, play and sing, and much more. But it happens in "the real world outside of your room".

Sure, you can use Facebook to facilitate much of that, but you can do that with a phone or a car or e-mail too. Yet that doesn't make people think that the phone or car or mail server is the venue.

You mostly access Facebook from your room? ("In Korea, only old people use email...") I access Facebook from my car, from the office, from the park, from a bar, waiting in line at the DMV, via text, etc...

It's a forum for electronic communication. Sure it's possible to primarily use it purely for random connections, but well over 90% of my Facebook friends I know (or have at least met) in person.

If you're asking "Why Facebook them when I could just text them*?", you're doing social media wrong.

*(outside of a disaster situation)

Re:Does anybody care? (1)

flimflammer (956759) | about a year ago | (#43618795)

I'm curious if you wrote that with a big grin on your face or if you genuinely believe that Facebook is having issues with maintaining its dominance.

Collusion? (5, Insightful)

heypete (60671) | about a year ago | (#43618429)

While I'd hope that people would trust their friends to not abuse a privileged position in order to gain access to one's account, it's probably a good idea to pick friends from different, non-overlapping social circles to make it difficult for them to know who other "trusted" people for one's account are.

Re:Collusion? (1)

mwvdlee (775178) | about a year ago | (#43618571)

Non-overlapping social circles give Facebook more information than overlapping social circles.
If enough people use this feature, overlapping gives them circles of friends, non-overlapping gives them a network of interconnected circles of friends.

Imagine a group of six friends, each chosing only eachother as "trusted contacts"; facebook will know only the small circle.
Imagine a number of six-friend groups, each chosing a one of each group as a "trusted contact"; facebook will still be able to reconstruct a number of small circles.

Re:Collusion? (1)

heypete (60671) | about a year ago | (#43618615)

Ok, but what information does that give Facebook? They already know people's social connections due to people "friending" each other.

My point was more "Leaving aside the privacy issues related to the use of Facebook and its specific implementation, in general people should choose diverse 'trusted contacts' from separate social groups so the odds of multiple friends colluding to get enough codes to gain access to one's account is minimized."

Re:Collusion? (0)

Anonymous Coward | about a year ago | (#43618813)

If you assume an adversarial relationship with Facebook to begin with, you'd probably be best off not using it at all.

Hence, I don't see an issue.

Re:Collusion? (1)

MadKeithV (102058) | about a year ago | (#43619515)

I find that 5 friends from a non-existent social circle are even more secure.

Is this new? (5, Funny)

Nbrevu (2848029) | about a year ago | (#43618431)

Facebook [..] Lets You Pester Friends.

Wasn't that already its primary use?

Would I trust my friends with my Facebook account? (-1)

Anonymous Coward | about a year ago | (#43618433)

No.
I don't have a Facebook account.
Next story, please.

Teen Drama in 5 4 3 2 1 (1)

phizi0n (1237812) | about a year ago | (#43618509)

I'm sure there will be plenty of young people pranking each other by hijacking their friends' accounts (or former friends) with this.

Re:Teen Drama in 5 4 3 2 1 (3, Interesting)

Grantbridge (1377621) | about a year ago | (#43618535)

There are plenty of young people pranking each other by hijacking their friend's accounts without this! Leaving yourself logged in on a laptop/phone is considered permission to update your status to something "hilarious". I don't think this is going to increase hijacking.

Re:Teen Drama in 5 4 3 2 1 (1)

mwvdlee (775178) | about a year ago | (#43618601)

For that to happen, the "friends" must have (A) physical access to the device and (B) a logged-in account.
With this "Trusted contacts", the friends need neither to hijack an account, they just needed to be sufficiently trusted in the past.

I'm much more worried about previously trusted ex-girlfriends getting together... (or rather; I would be).

Re:Teen Drama in 5 4 3 2 1 (0)

Anonymous Coward | about a year ago | (#43618717)

Why would you delegate your 5 ex girlfriends as the gatekeeper to your Facebook page? I don't trust any of my ex's, let alone give them all access. Your comment is bad and you should feel bad.

Re:Teen Drama in 5 4 3 2 1 (1)

Hotawa Hawk-eye (976755) | about a year ago | (#43619679)

1) Get your friends together for a party (especially a bachelor or bachelorette party.)
2) You and your friends get drunk.
3) Your (drunk) friends decide it would be "fun" to access into your Facebook account and post naughty message as you.
4) ???
5) Prof... *ring ring* Hi, Grandma. What? There's a picture of my naughty bits on my Facebook page? No there isn't! *check* What the?!

better solution (0)

Anonymous Coward | about a year ago | (#43618593)

remember your unique password^H^H^H^Hphrase so recovery is never needed. when you login 10 times a day, every day, how long does it take to remember: correct horse battery staple [xkcd.com] .

people already use friends to hijack accounts, this will be NO DIFFERENT.

This is a social gimmick (5, Interesting)

EmagGeek (574360) | about a year ago | (#43618595)

It creates yet another layer of "friendship exclusivity" in the Facebook social world. You have "friends" already, but now you can have "OMG BFF!" people as well, and some will feel accepted or rejected based on whether they are one of your "chosen few."

This is, of course, the intent - to create more hype and drama, and even more important, yet another vehicle for narcissism to flourish.

Re:This is a social gimmick (1)

DKlineburg (1074921) | about a year ago | (#43618611)

Or they as said above will continue building a bigger database about you, your friends, and anything you do. The data isn't evil, what they do with it might be.

Re:This is a social gimmick (1)

Isaac Remuant (1891806) | about a year ago | (#43618669)

mmm... I saw it more in terms of some sort of extra authentication and it doesn't seem to be obligatory so I don't know why people are complaining that much.

Re:This is a social gimmick (1)

mrbester (200927) | about a year ago | (#43618739)

Best part is you have to wait until you receive the codes (how?) from these friends in order to access your account. What if one friend is off line because they've gone backpacking in the wilds of NoInternetLand for a month? What if they take their time responding (you're BFFs but you had a disagreement)? What if you don't receive the response?

You're stuffed using this method as there are too many points of failure.

Re:This is a social gimmick (1)

MiKM (752717) | about a year ago | (#43618951)

According to the summary and article, you only need three of five codes. I suppose of 3 of your friends are out-of-contact, then you're SOL for the time being, but I suppose that is better than having a weaker, easier-to-compromise system. When choosing your five friends, it might be wise to select people from different circles of friends to decrease the likelihood that multiple trusted contacts are out-of-reach at once.

Re:This is a social gimmick (0)

Anonymous Coward | about a year ago | (#43618811)

Someone who goes so far as putting 'Geek' in their nickname, their online identity, is griping about social networking and friends. Shocker!

Hurr durr basement dwellers still don't get Facebook. Shocker!

But... (5, Funny)

shitzu (931108) | about a year ago | (#43618603)

But I do not have 3 friends you insensitive clods!

Re:But... (0)

Anonymous Coward | about a year ago | (#43619771)

You're joking, but I actually don't. I don't like facebook, but I have two friends who insist on using it so I have a profile with just the two of them added as friends.

Re:But... (1)

MMC Monster (602931) | about a year ago | (#43620721)

You don't need three friends.

You just need three Facebook Friends.

Re:But... (1)

Voyager529 (1363959) | about a year ago | (#43622109)

Best. Response. Ever.

Nuclear Launch Codes (2)

rodrigoandrade (713371) | about a year ago | (#43618661)

Isn't this security measure a bit overkill for a stupid social network site??

What's next? All 3 to 5 friends will have to enter their codes simultaneously to recover the lost account?

Re:Nuclear Launch Codes (1)

gnasher719 (869701) | about a year ago | (#43618765)

What's next? All 3 to 5 friends will have to enter their codes simultaneously to recover the lost account?

No. Three out of five friends need to enter codes. I thought most people posting on Slashdot would know about codes where n out of m keys are needed to uncover a secret. (For example, for 3 out of 5 the keys would be points on something similar to a 2nd degree polynomial; with two points you have no idea what the polynomial is, with three or more points you can reconstruct it).

Re:Nuclear Launch Codes (1)

Etcetera (14711) | about a year ago | (#43619663)

If it's good enough for the root zone of DNS [popsci.com] , it's good enough for my friends list.

Re:Nuclear Launch Codes (1)

Hotawa Hawk-eye (976755) | about a year ago | (#43619743)

What's next? All 3 to 5 friends will have to enter their codes simultaneously to recover the lost account?

No. Three out of five friends need to enter codes. I thought most people posting on Slashdot would know about codes where n out of m keys are needed to uncover a secret.

And if you don't, there's a Wikipedia page [wikipedia.org] listing a number of different systems.

Re:Nuclear Launch Codes (1)

Anonymous Coward | about a year ago | (#43618809)

It's not overkill at all. It's a relatively simple decentralized scheme for doing password resets. It sits between the reset processes that that only require the user and the ones that require someone at FB to do something. It should take a significant load off of the people at FB, probably be quicker for the user, and might even provide a gentle shaming of people who lose their password too often. It seems like a pretty smart plan.

Re:Nuclear Launch Codes (0)

Anonymous Coward | about a year ago | (#43621797)

Good God man! Don't you see this for its value to FaceFook? This is yet another way to establish a hierarchical measure of your personal social network nodes. Understanding the assignment of trust is valuable and it can be studied, manipulated and monetized. There are already simple technological solutions to the problem of recovering a lost password; an alternative email address, a PIN or security questions suffice nicely. No one here actually believes it would be an improvement to distribute access to others... do they?

This is perfect fodder for politicos. Knowing who you trust in order to sway you could be a key to unlocking the billions spent on political advertising for the FaceBookees.

Almost had the best Slashdot title ever (1)

Anonymous Coward | about a year ago | (#43618685)

s/Friends/Chums/

You were so close.

It's not about YOU stupid. (1)

hebertrich (472331) | about a year ago | (#43618735)

Having " friends" instead of having a system saves FB money. Just another scheme .. ok now

It's all about profit. Now that the ice is broken ,i ask : when will FB users catch on and ask for their share of the money their data makes ?
Yes YOUR data makes THEM money , you get nothing in return . The Service ? LOL it's the tool they use to get your data that earns them money , it's not a service for you it's their tool to rake in the dough . They make billions with YOUR data . Wake up and send a letter to FB asking your share of the earnings. What they sell is YOU after all. Why not ask for fair return ? You accept to give them data , they need to accept to pay YOU for it.
All services that say " access to the service " is their way of repaying you are simply exploiting you. They count the smokescreen protects them from you finding out that their " service " is the tool they use to gather data and sell you . Wakee wakee . Cat's out the bag. Ask for your share of the profits everytime they sell your data. Why would anyone accept their lives be scrutinised , analysed then sold for free ? If i put it that way it don't sound good does it ? But that's what each and everyone participating in " social networks " or where the " service " is the reward falls for.

Ask for your share of what's rightly your's.

Re:It's not about YOU stupid. (2)

RackinFrackin (152232) | about a year ago | (#43618845)

you get nothing in return

FB users get a significant amount of utility out of Facebook, and of course it comes at a cost. It looks extremely lop-sided because there's only one facebook and there are a billion or so users, but saying that users get nothing from it is just as stupid as saying that it costs users nothing.

Brain Fart (2)

StoneyMahoney (1488261) | about a year ago | (#43618741)

This is supposed to be a security... enhancement?! How many people do you know on Facebook who would "recover" your password, change your profile picture to the photo they took of you in drag being touched up by a biker, change your status to Dead and start inviting people to your funeral? Because that's the vast majority of my friends - I'd trust them with my life but wouldn't dream of trusting them with £5. Or my beer. Or access to my Facebook accou - ohhhhhhh wait!

Re:Brain Fart (2, Insightful)

Anonymous Coward | about a year ago | (#43618865)

I know lots of those people, but they are not my trusted friends. If you have no true trusted friends, don't set any on facebook. It's not mandatory.

Re:Brain Fart (0)

Anonymous Coward | about a year ago | (#43619019)

All three of these people would have to collaborate, and I doubt facebook is telling those three who the other two who received codes are.

Re:Brain Fart (1)

briancox2 (2417470) | about a year ago | (#43620609)

I am not concerned with the quality of my friendships. I am concerned with the quality of the computer security practiced by those friends.

How many compomised computers are there in the world? How many successful Facebook phishing campaigns have there been? The trackrecord of my friends asking for computer support because they didn't know what they were doing is alarming. I think that my personal security policy will remain unchanged because of this option: only trust ME!

Hijacking opportunities for malicious "friends". (1)

genocism (2577895) | about a year ago | (#43618839)

Interesting, so three of your "best friends" could work together to reset your password and gain access to your facebook account? In middle and high school enemies and friend change quickly. This could create some nice hijacking opportunities for malicious "friends".

Once it starts to roll (0)

Anonymous Coward | about a year ago | (#43618957)

Assuming friends have overlapping friends and some of these overlapping friends are naturally trusted better than others, wouldn't once you get the ball rolling and get 3 passwords somehow, you be able to start getting passwords of a whole friends group soon?

Of course getting 3 passwords may be hard. And even then its hardly a guarantee that those 3 will have the keys you need to unlock other accounts.

And of course, you better make sure you can trust your trusted friends really well.

Not worse than other password recovery schemes. (1)

140Mandak262Jamuna (970587) | about a year ago | (#43618975)

Looks like Facebook gives special codes to three to five designated people. Then if you forget your facebook password, you contact them, may be outside facebook and through some kind of channel via face book and get the codes. If you are able to collect three such codes, facebook restores your password. This is not any worse than asking for the nickname of your younger brother or the name of your pet or the mother's maiden name. In fact facebook has thoroughly undermined these stupid security questions.

For some reason the banks and credit card companies are very friendly on phone. They seem to trust the caller id and an actual human being on the phone.

Re:Not worse than other password recovery schemes. (1)

Mr. Slippery (47854) | about a year ago | (#43621557)

For some reason the banks and credit card companies are very friendly on phone. They seem to trust the caller id and an actual human being on the phone.

It's worth nothing that the ANI that your bank gets when you call their 800 number, is different than the "caller ID" service you might have on your home phone. Caller ID is much easier to spoof.

No Comment (0)

Anonymous Coward | about a year ago | (#43619007)

This is how it works for QQ/Weibo/etc in china. It's very *very* handy, so stop being whiny little babies. If even 1/10th of what you moan on and on about is an actual concern for you, why are you even on facebook. Of all the shit things people do to track you... *this* is what you complain about.

This is a very useful (it saved me!) recovery scheme. I wish google had it. *That* account is valuable, not my facebook.

sorry buddy (1)

nimbius (983462) | about a year ago | (#43619047)

I thought about helping you get back into your account...then i remembered that weird tirade about gay marriage and kenyan socialism you went on last year...and that time you wouldnt shut the fuck up about kony....and the farmville crap. Trust me, this is for your own good.

Re:sorry buddy (0)

Anonymous Coward | about a year ago | (#43621097)

I thought about helping you get back into your account...then i remembered that weird tirade about gay marriage and kenyan socialism you went on last year...and that time you wouldnt shut the fuck up about kony....and the farmville crap. Trust me, this is for your own good.

Aw. :-( Here let me fix that for you! :-)

I thought about muffins you cook back into your oven...then i fried that weird muffin about cookie dough and kiwi salad you ate last year...and that time you wouldn't cook oranges the fuck up about caramelizing...and the tofu crap. Trust me, this is for your own waffles.

There! :-) No need to thank me! Have a nice day! :-)

Trusted friend passwords (0)

Anonymous Coward | about a year ago | (#43619053)

Got my three trusted Facebook friends ready to give me my password, the NSA, FBI, CIA.

It's all about ads (again) (1)

beaverdownunder (1822050) | about a year ago | (#43619081)

The three to five people you choose as 'Trusted Contacts' are likely to be the 'closest' to you and thus the most likely to share behaviour and preferences with you.

Once you identify those people, Facebook can use their patterns to (presumably) target ads at _you_ better, and charge a premium to advertisers for this 'more accurate' imprint.

Whether this works remains to be seen, but in any case this has nothing to do with convenience and much more to do with monetization.

Deleting account after death (4, Insightful)

Anonymous Coward | about a year ago | (#43619171)

Sound like a good idea in theory, and it would also allow close friends to close an account of a departed one.

I know previously this can be distressing to contact facebook admins, and convince them that this is a valid request.

Re:Deleting account after death (1)

TangoMargarine (1617195) | about a year ago | (#43621721)

They don't have some sort of semi-automatic system for that? Hell, one person I knew, they practically had her profile down before I found out she was dead mere days later.

hmm (0)

Anonymous Coward | about a year ago | (#43619859)

so inactives that have passwords will mysteriously come under default ownership of friends of old defunct account thus activating dormant accounts....

I'm totally that guy (0)

Anonymous Coward | about a year ago | (#43620683)

"Rubber duck says he's your friend Adam. Grant access? y/n" Rubber duck strikes again! [computerworld.com]

Useful in the event of death/accidents (2)

phorm (591458) | about a year ago | (#43620823)

I've heard a lot of complaints about people passing away, and their facebook account becoming inaccessible to friends or family. This would be useful in the event of a long-term disabling event or death, allowing a spouse or close friend to pass on information in the event of a tragedy (or just begin the process of closing out the account).

More Vulnerability (0)

Anonymous Coward | about a year ago | (#43621795)

This enables distributed spear phishing. No more serial bottle necks.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>