Facebook Adds Two-Factor Authentication

← Back to Stories (view on slashdot.org)

Facebook Adds Two-Factor Authentication

Posted by timothy on Thursday May 12, 2011 @11:11PM from the your-name-and-your-real-name dept.

angry tapir writes "To help its hundreds of millions of users prevent unauthorized access to their accounts, Facebook has added an optional verification step to its log-in process. The new security feature, called Login Approvals, is a form of two-factor authentication."

27 of 124 comments (clear)

Min score:

Reason:

Sort:

Security? by Anonymous Coward · 2011-05-12 23:15 · Score: 4, Funny

That's like putting a steel door on a straw house...
1. Re:Security? by Hultis · 2011-05-12 23:23 · Score: 3, Insightful
  
  More like putting a steel door next to the regular one most people will still use.
2. Re:Security? by S.O.B. · 2011-05-13 07:20 · Score: 2
  
  What's with all the door analogies? This is Slashdot. It's supposed to be a car analogy. Fine, I'll do it myself.
  It's like locking a convertible when the top is down.
  
  --
  Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.
Harvesting by tpotus · 2011-05-12 23:15 · Score: 2, Interesting

As someone pointed out in the article comments; This enforces fb's agenda to have its users submit as much personal info as possible to them.
Protect your MafiaFarmPetVilleWars! by L4t3r4lu5 · 2011-05-12 23:15 · Score: 3, Insightful

Give us your telephone number.

This isn't creepy at all.

--
Finally had enough. Come see us over at https://soylentnews.org/
1. Re:Protect your MafiaFarmPetVilleWars! by dragonhunter21 · 2011-05-12 23:39 · Score: 3, Informative
  
  Actually Google's uses a special app, Google Authenticator. No phone number required.
  
  --
  Sent from my CR-48
2. Re:Protect your MafiaFarmPetVilleWars! by ThunderBird89 · 2011-05-13 01:22 · Score: 2
  
  Only if you have an Android phone. Otherwise, and even if you do, you can opt for/have to use text messages, an automated phone call, or a OTP you printed earlier.
  
  --
  Hyperbole: I use it liberally!
3. Re:Protect your MafiaFarmPetVilleWars! by dragonhunter21 · 2011-05-13 01:35 · Score: 2
  
  Actually, it appears that there's not only an iPhone app, but a Blackberry app, too.
  Still, I don't think I'll be taking advantage of Facebook's offer, here. Don't like the idea of Facebook having my phone number. Judging by the other comments, I can see I'm not alone.
  
  --
  Sent from my CR-48
thank you (google voice | text+ | your virtual #) by Anonymous Coward · 2011-05-12 23:31 · Score: 2, Insightful

This is where services like text+ shine: get an SMS throw away number and those future call center initiated contacts will get spam filtered.
Let me guess... by msauve · 2011-05-12 23:32 · Score: 4, Funny

This is Facebook, so the two factors are username and password.

--
"National Security is the chief cause of national insecurity." - Celine's First Law
1. Re:Let me guess... by rsmith-mac · 2011-05-12 23:33 · Score: 3, Funny
  
  Passwords are too hard to remember, particularly for the hardcore Facebook addicts. Instead it will be your username and your mother's name, that way you can quickly look it up on your friends list should you forget it.
2. Re:Let me guess... by Anonymous Coward · 2011-05-12 23:55 · Score: 3, Funny
  
  With every app and advertising maker having full access anyway, I think this is what I think they have in mind. Now with TWO locks!
Re:FaceBook adds Two Factor Authentication by curtisk · 2011-05-12 23:34 · Score: 5, Insightful

"Because if they steal your private data, we can't sell it to them!"
Thats so sadly funny... Facebook isn't even the least bit shy anymore, "just give us you cell/mobile number, its for safety!" I wonder what new data correlations and connections they can now make with that extra tidbit of data in that database version of you(in the database version of the world)

--
Sehr geehrter Toilettenbenutzer!
Re:It's not two-factor authentication. by Hultis · 2011-05-12 23:55 · Score: 2

That code is sent to your phone though, which is something you have (and there's presumably a short time window to use that code) => two-factor authentication.
Extra layer of security by ray_mccrae · 2011-05-12 23:57 · Score: 5, Funny

I heard that the two form authentication will involve both your password and verification that you've posted a derogatory story about Google to your blog.
WTF is the point? by geekmux · 2011-05-12 23:57 · Score: 4, Insightful

"To help its hundreds of millions of users prevent unauthorized access to their accounts..."
Gee, that's nice Farcebook. Now, what exactly are you going to do about your privacy policies that change with the wind, forcing users to constantly monitor their settings to prevent "authorized" access?
Hard to feel safe in the car when you don't trust the driver no matter how many seat belts you have on.
Facebook stupidity.. by Lumpy · 2011-05-13 00:10 · Score: 2, Insightful

"we will text your phone."
Because our admins are too stupid to remember that in the USA it costs money to receive text messages and not everyone is a tween that has unlimited texting on their phones K?

--
Do not look at laser with remaining good eye.
1. Re:Facebook stupidity.. by icebraining · 2011-05-13 00:20 · Score: 4, Insightful
  
  So would it be better for them not to implement it at all because you don't want to use it?
  Lots of people 1) don't live in the US, and therefore doesn't pay for incoming SMS, 2) have SMS packages or 3) don't mind paying, since it's not for every login but only when a new device is used.
  If you don't want to use it, nobody forces you to.
  
  --
  Dilbert RSS feed
2. Re:Facebook stupidity.. by ledow · 2011-05-13 00:28 · Score: 5, Insightful
  
  I have to say - paying to receive SMS is possibly the most stupid thing I've ever heard anyone agree to. It was back when mobile phones first came out and still is now.
  The problem is not Facebook there - the problem is people who tolerate a stupid system where you can end up paying for something you never asked for.
3. Re:Facebook stupidity.. by Chemisor · 2011-05-13 01:25 · Score: 3, Insightful
  
  Ok, wise guy; what are we supposed to do about it? There are only four carriers in the US, and they all charge for receiving text messages. Obviously, you only have two options: either not own a cellphone, or to start your own carrier. Not owning a cellphone does not hurt the carrier, since they have plenty of other customers who don't mind paying for text messages, or just can't live without a cellphone. No carrier will miss you. They will, in fact, want you to leave, since you are a cheapskate who does not make them money by signing up for an expensive monthly contract. Heck, you probably use prepaid, which is not making them any money at all! Your other option of starting your own carrier is not viable due to lack of capital. You'll need to build a few million cell towers, since if you just rent from the existing carriers you'll have to conform to their pricing plans or lose money. Who will lend you the money? Nobody. So, as you can see, we're all pretty much screwed and can do nothing about it.
4. Re:Facebook stupidity.. by Anonymous Coward · 2011-05-13 01:44 · Score: 2, Interesting
  
  I e-mailed Sprint and told them I didn't want to pay for texts, since I only receive a few a month. To summarize, they replied "No problem, we'll put you down for 200 free texts a month. Is that all you need, or can we help you with something else?". I was shocked, but service like that will retain me as a customer. I went so far as to write a response to commend them for it.
  
  But I guess your way works too: do nothing. Can't be disappointed if you never try, right?
5. Re:Facebook stupidity.. by mikestew · 2011-05-13 02:01 · Score: 2
  
  Ok, wise guy; what are we supposed to do about it?
  Google Voice, as one option, and I'm pretty sure there are others. From my POV, paying for texting is like getting your TV from a company that wants $80/month: quaint, but unnecessary.
6. Re:Facebook stupidity.. by icebraining · 2011-05-13 02:25 · Score: 3, Informative
  
  Largest segment? You do know that the vast majority of the world, including the US, still uses more feature phones than smartphones?
  Not to mention that for most people if you know they're FB password you can probably access their email too; from password reuse to finding their secret answer (like your candidate for vicepresident), it's almost useless as a second authentication mechanism.
  And you don't need a $30/month plan to receive one SMS a month, if that. How many times do you realistically use FB from a new device?
  
  --
  Dilbert RSS feed
Why no email option? by anti-pop-frustration · 2011-05-13 00:29 · Score: 2

This sounds like a ploy to harvest phone numbers from well meaning (if ill informed) users who care about security and who previously hadn't surrendered their phone number to facebook.

Is there a valid reason for not offering the same service via email? Using, you know, the email address that facebook already has on record.
lol by Charliemopps · 2011-05-13 00:38 · Score: 2

This will only insure that the data they collect on you is actually from you... there-by making it more valuable to the tens of thousands of businesses they then turn around and sell the information to.
they immediately publish your cell # by Loco3KGT · 2011-05-13 00:43 · Score: 3, Informative

Worth noting - when you supply a phone number (btw, my Google Voice number didn't work at all for this.. had to use my actual mobile #).. they immediately publish it on your profile.
Thanks Facebook! (i immediately removed it and disabled the feature)

--
Blessed be he who reads this post, Cursed be he who tells my boss.
1. Re:they immediately publish your cell # by curio_city · 2011-05-13 07:07 · Score: 2
  
  Worth noting - when you supply a phone number (btw, my Google Voice number didn't work at all for this.. had to use my actual mobile #).. they immediately publish it on your profile.
  Thanks Facebook! (i immediately removed it and disabled the feature)
  And then you can modify your privacy settings so that contact info is not viewable by any users other than you......