Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook "Trusted Contacts" Lets You Pester Friends To Recover Account Access

Posted by samzenpus on from the with-a-little-help-from-my-friends dept.

alphadogg writes "Facebook Thursday said it's making available globally a feature called 'Trusted Contacts' that lets users select three to five friends who can help users recover account access such as if they forget their password. Facebook said the idea is that once these friends are identified as 'trusted contacts' through the user's security settings, Facebook will provide each of them with a special code. 'Enter the codes from [at least 3 of] your trusted contacts, and you'll be able to access your account,' Facebook says. 'After you set your trusted contacts, we'll notify them so that they can be ready to help you if you ever need it.'"

9 of 114 comments (clear)

  1. Security by LordLucless · · Score: 5, Interesting

    That sounds like a really good idea; adding a human element to password recovery using already established trust relationships. Of course, slashdot wouldn't be slashdot if we didn't try and skew reader response by painting it as "pestering".

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    1. Re:Security by markus_baertschi · · Score: 4, Insightful

      I agree, I find this an excellent password recovery scheme. It does not protect against a bad choice in friends, but there are no technical protections possible against that. But for password recovery it is very good and quite safe against abuse by anonymous internet hackers.

    2. Re:Security by Anonymous Coward · · Score: 5, Insightful

      It's also excellent at providing Facebook data which of your friends are close friends. Very useful to charge advertisers more for fake likes from trusted friends who are more likely to have a bigger impact.

    3. Re:Security by teslar · · Score: 4, Interesting

      I suppose the one worry is that if someone has the ability to impersonate your e-mail and has access to your friends list, he could then impersonate you and ask *all* your friends for codes. The attacker doesn't need to know who the trusted friends are since your circle of friends would not easily be able to detect that everyone's been contacted. The attacker may mine the publicly available info on the friends to personalise the message a bit, if not, keep it short and very simple. It's not like this request would come in a long personal message anyway. It IS likely that it will come by e-mail though since you'll already be at the computer, trusted friends may be around the globe and so on. In short, you need your friends to be capable of detecting an impersonation attempt, even if brief and potentially conveying a sense of urgency. Remember, your trusted friends may be the same people who click on links that appear to be from you *because* they trust you. So in summary, while I do think this is pretty neat, I also wonder if this is not rather vulnerable to social engineering (perhaps not so much among the /. crowd - but generally)?

  2. Collusion? by heypete · · Score: 5, Insightful

    While I'd hope that people would trust their friends to not abuse a privileged position in order to gain access to one's account, it's probably a good idea to pick friends from different, non-overlapping social circles to make it difficult for them to know who other "trusted" people for one's account are.

  3. Is this new? by Nbrevu · · Score: 5, Funny

    Facebook [..] Lets You Pester Friends.

    Wasn't that already its primary use?

  4. This is a social gimmick by EmagGeek · · Score: 5, Interesting

    It creates yet another layer of "friendship exclusivity" in the Facebook social world. You have "friends" already, but now you can have "OMG BFF!" people as well, and some will feel accepted or rejected based on whether they are one of your "chosen few."

    This is, of course, the intent - to create more hype and drama, and even more important, yet another vehicle for narcissism to flourish.

  5. But... by shitzu · · Score: 5, Funny

    But I do not have 3 friends you insensitive clods!

  6. Deleting account after death by Anonymous Coward · · Score: 4, Insightful

    Sound like a good idea in theory, and it would also allow close friends to close an account of a departed one.

    I know previously this can be distressing to contact facebook admins, and convince them that this is a valid request.