Slashdot Mirror


Facebook "Trusted Contacts" Lets You Pester Friends To Recover Account Access

alphadogg writes "Facebook Thursday said it's making available globally a feature called 'Trusted Contacts' that lets users select three to five friends who can help users recover account access such as if they forget their password. Facebook said the idea is that once these friends are identified as 'trusted contacts' through the user's security settings, Facebook will provide each of them with a special code. 'Enter the codes from [at least 3 of] your trusted contacts, and you'll be able to access your account,' Facebook says. 'After you set your trusted contacts, we'll notify them so that they can be ready to help you if you ever need it.'"
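
The "at least 3 of 3 to 5" rule in the summary can be sketched as a server-side check. This is an added example, not part of the original post and not Facebook's code; the class name, 8-digit code format, per-session keyed hashing and five-attempt lockout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

THRESHOLD = 3                       # "at least 3" codes, per the announcement
MIN_CONTACTS, MAX_CONTACTS = 3, 5   # "three to five friends"
MAX_ATTEMPTS = 5                    # assumed lockout limit, not from the announcement


class RecoverySession:
    """One recovery attempt; verification uses keyed hashes, `issued` stands in for delivery."""

    def __init__(self, trusted_contacts):
        contacts = set(trusted_contacts)
        if not MIN_CONTACTS <= len(contacts) <= MAX_CONTACTS:
            raise ValueError("need three to five distinct trusted contacts")
        self._key = secrets.token_bytes(32)
        self._hashes = {}
        self._attempts = 0
        self._closed = False
        self.issued = {}  # contact -> code; each code would be delivered to that contact only
        for contact in sorted(contacts):
            code = f"{secrets.randbelow(10**8):08d}"
            while code in self.issued.values():  # keep codes distinct within a session
                code = f"{secrets.randbelow(10**8):08d}"
            self.issued[contact] = code
            self._hashes[contact] = self._digest(contact, code)

    def _digest(self, contact, code):
        # Binding the code to its contact means one code cannot be counted for two people.
        msg = contact.encode() + b"\0" + code.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def verify(self, submitted_codes):
        """True once codes from at least THRESHOLD different contacts are presented."""
        if self._closed:
            return False
        self._attempts += 1
        matched = set()
        for code in set(submitted_codes):
            for contact, digest in self._hashes.items():
                if contact not in matched and hmac.compare_digest(digest, self._digest(contact, code)):
                    matched.add(contact)
                    break
        ok = len(matched) >= THRESHOLD
        if ok or self._attempts >= MAX_ATTEMPTS:
            self._closed = True  # single use on success, locked after repeated failures
        return ok
```

Two codes, or one code entered three times, do not meet the threshold, and a session stops accepting codes after it succeeds or after the assumed attempt limit.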


  1. Security by LordLucless · · Score: 5, Interesting

    That sounds like a really good idea; adding a human element to password recovery using already established trust relationships. Of course, slashdot wouldn't be slashdot if we didn't try and skew reader response by painting it as "pestering".

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    1. Re:Security by markus_baertschi · · Score: 4, Insightful

      I agree, I find this an excellent password recovery scheme. It does not protect against a bad choice in friends, but there are no technical protections possible against that. But for password recovery it is very good and quite safe against abuse by anonymous internet hackers.

    2. Re:Security by Chrisq · · Score: 3, Interesting

      It does not protect against a bad choice in friends

      I would imagine that Facebook account access is the least of your problems if you have a bad choice of friends.

    3. Re:Security by Anonymous Coward · · Score: 5, Insightful

      It's also excellent at providing Facebook data on which of your friends are close friends. Very useful to charge advertisers more for fake likes from trusted friends who are more likely to have a bigger impact.

    4. Re:Security by teslar · · Score: 4, Interesting

      I suppose the one worry is that if someone has the ability to impersonate your e-mail and has access to your friends list, he could then impersonate you and ask *all* your friends for codes. The attacker doesn't need to know who the trusted friends are since your circle of friends would not easily be able to detect that everyone's been contacted. The attacker may mine the publicly available info on the friends to personalise the message a bit, if not, keep it short and very simple. It's not like this request would come in a long personal message anyway. It IS likely that it will come by e-mail though since you'll already be at the computer, trusted friends may be around the globe and so on. In short, you need your friends to be capable of detecting an impersonation attempt, even if brief and potentially conveying a sense of urgency. Remember, your trusted friends may be the same people who click on links that appear to be from you *because* they trust you. So in summary, while I do think this is pretty neat, I also wonder if this is not rather vulnerable to social engineering (perhaps not so much among the /. crowd - but generally)?

    5. Re:Security by LordLucless · · Score: 2

      Which is still a step above the current state of affairs. It relies on somebody being able to gain access to your email address; currently, if that happens, you're screwed anyway.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    6. Re:Security by Isaac+Remuant · · Score: 3, Insightful

      There's already 5000 ways for them to discover what friends are more relevant to you, though.

      They can analyze your interactions, your views of someone's profiles/walls, your clicks on their shares, your groupings or other customized settings...

      I don't think this is the sort of feature that will have so much adoption as to matter in that sense.

      --
      "Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
    7. Re:Security by daveewart · · Score: 3, Insightful

      Just because you trust someone to be _trustworthy_ doesn't mean that you trust their _opinions_. For example, I would trust some members of my family to not abuse having a house key, for example; wouldn't stop them from talking nonsense I don't agree with, though :-)

      --
      "If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
    8. Re:Security by arth1 · · Score: 3, Informative

      Not only a good idea, but it's a really elegant solution for social networks. Nice work, Facebook!

      Either you're trolling, or you really have a weird definition of "elegant". This is highly exploitable through social engineering, and also is a very inelegant solution for those who currently don't have three trusted online "friends", or those who no longer trust one, and have to give them the digital equivalent of a face slap by removing the assigned trust.

      I think this is slightly more elegant:
      Write your password on a piece of cardboard. Fold it, and put it in an envelope. Mail it to a relative, saying it's your password for [service], and not to be opened unless you ask or you're dead.
      You don't need to hunt down three friends. You don't have to give facebook information about who you trust. And you're covered even if you die.

    9. Re:Security by Thud457 · · Score: 2

      OH YEAH, this is a BRILLIANT idea!
      Let's just add in another handful of vectors for phishing attacks. With people with less familiarity to your personal information and less incentive to exercise diligence.
      I see NO possible FLAW with that plan!
      </boggle-eyed Homer Simpson over the top sarcasm>

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    10. Re:Security by knorthern+knight · · Score: 2

      > I'm downplaying the effectiveness. I'm not saying FB is not out to get
      > every last bit of info out there. If you're very privacy conscious, there's
      > quite a number of things you should be looking out before this one.

      If you're very privacy conscious... then you're not on Facebook in the first place.

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
    11. Re:Security by dmitrygr · · Score: 2
      --
      -------
      1. Enjoy your job
      2. Make lots of money
      3. Work within the law

      Choose any two.
  2. Collusion? by heypete · · Score: 5, Insightful

    While I'd hope that people would trust their friends to not abuse a privileged position in order to gain access to one's account, it's probably a good idea to pick friends from different, non-overlapping social circles to make it difficult for them to know who other "trusted" people for one's account are.

  3. Is this new? by Nbrevu · · Score: 5, Funny

    Facebook [..] Lets You Pester Friends.

    Wasn't that already its primary use?

  4. Re:Teen Drama in 5 4 3 2 1 by Grantbridge · · Score: 3, Interesting

    There are plenty of young people pranking each other by hijacking their friend's accounts without this! Leaving yourself logged in on a laptop/phone is considered permission to update your status to something "hilarious". I don't think this is going to increase hijacking.

  5. Re:Does anybody care? by Tridus · · Score: 3, Insightful

    Probably nobody does in that cave you're hiding in, but out here in the world? Yeah, there's a couple people still using it, give or take millions.

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
  6. This is a social gimmick by EmagGeek · · Score: 5, Interesting

    It creates yet another layer of "friendship exclusivity" in the Facebook social world. You have "friends" already, but now you can have "OMG BFF!" people as well, and some will feel accepted or rejected based on whether they are one of your "chosen few."

    This is, of course, the intent - to create more hype and drama, and even more important, yet another vehicle for narcissism to flourish.

  7. But... by shitzu · · Score: 5, Funny

    But I do not have 3 friends you insensitive clods!

  8. Re:Does anybody care? by Isaac+Remuant · · Score: 3, Insightful

    Yes. There is a real world outside of your room. People socialize. It might be hard to recognize it from the center of the universe you are in but it happens.

    --
    "Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
  9. Nuclear Launch Codes by rodrigoandrade · · Score: 2

    Isn't this security measure a bit overkill for a stupid social network site??

    What's next? All 3 to 5 friends will have to enter their codes simultaneously to recover the lost account?

  10. Brain Fart by StoneyMahoney · · Score: 2

    This is supposed to be a security... enhancement?! How many people do you know on Facebook who would "recover" your password, change your profile picture to the photo they took of you in drag being touched up by a biker, change your status to Dead and start inviting people to your funeral? Because that's the vast majority of my friends - I'd trust them with my life but wouldn't dream of trusting them with £5. Or my beer. Or access to my Facebook accou - ohhhhhhh wait!

    1. Re:Brain Fart by Anonymous Coward · · Score: 2, Insightful

      I know lots of those people, but they are not my trusted friends. If you have no true trusted friends, don't set any on facebook. It's not mandatory.

  11. Re:It's not about YOU stupid. by RackinFrackin · · Score: 2

    you get nothing in return

    FB users get a significant amount of utility out of Facebook, and of course it comes at a cost. It looks extremely lop-sided because there's only one facebook and there are a billion or so users, but saying that users get nothing from it is just as stupid as saying that it costs users nothing.

  12. Re:Does anybody care? by arth1 · · Score: 2

    Yes. There is a real world outside of your room. People socialize.

    Yes, there is a real world out there. As opposed to Facebook, which you mostly access from your room.

    Yes, people socialize. Have meals together, go dance, study together, play and sing, and much more. But it happens in "the real world outside of your room".

    Sure, you can use Facebook to facilitate much of that, but you can do that with a phone or a car or e-mail too. Yet that doesn't make people think that the phone or car or mail server is the venue.

  13. Deleting account after death by Anonymous Coward · · Score: 4, Insightful

    Sounds like a good idea in theory, and it would also allow close friends to close an account of a departed one.

    I know previously this can be distressing to contact facebook admins, and convince them that this is a valid request.

  14. Re:Does anybody care? by Etcetera · · Score: 2

    Yes. There is a real world outside of your room. People socialize.

    Yes, there is a real world out there. As opposed to Facebook, which you mostly access from your room.

    Yes, people socialize. Have meals together, go dance, study together, play and sing, and much more. But it happens in "the real world outside of your room".

    Sure, you can use Facebook to facilitate much of that, but you can do that with a phone or a car or e-mail too. Yet that doesn't make people think that the phone or car or mail server is the venue.

    You mostly access Facebook from your room? ("In Korea, only old people use email...") I access Facebook from my car, from the office, from the park, from a bar, waiting in line at the DMV, via text, etc...

    It's a forum for electronic communication. Sure it's possible to primarily use it purely for random connections, but well over 90% of my Facebook friends I know (or have at least met) in person.

    If you're asking "Why Facebook them when I could just text them*?", you're doing social media wrong.

    *(outside of a disaster situation)

  15. Useful in the event of death/accidents by phorm · · Score: 2

    I've heard a lot of complaints about people passing away, and their facebook account becoming inaccessible to friends or family. This would be useful in the event of a long-term disabling event or death, allowing a spouse or close friend to pass on information in the event of a tragedy (or just begin the process of closing out the account).

  16. Re:SSteps...ecurity by Aaden42 · · Score: 2

    Assuming they do in some fashion regain control of their account (and setting trusted friends doesn't prevent them from using some other password reset channel), they can simply un-trust your faux friends. Account security is restored. Granted there's a race condition if you can re-reset the password faster than they can un-trust you, but that seems like an *awful* lot of work to keep a Facebook account.