Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's Account Kit Login System Works Via Phone Numbers, No Passwords Needed (softpedia.com)

Posted by BeauHD on from the can-I-have-your-number? dept.

An anonymous reader writes: At this year's F8 developer conference, Facebook announced a new tool called Account Kit, which can be used by app developers to support phone number-based login systems. Every time the user wants to login, they have to enter their phone number. Facebook will then send them a verification code via SMS, which they have to enter on the site. The system was already tested live, and Facebook expects it to be widely adopted, allowing sites to offer users accounts that don't require them to memorize a new password. Each developer has a 100,000 free confirmation SMS messages per month quota. Facebook claims to support SMS login operations for over 230 countries and regions, and in 40 different languages.

10 of 116 comments (clear)

  1. Slowly but surely by Sean · · Score: 5, Insightful

    Everything is being tied back to real identity and it's becoming more and more difficult to publish anything without leaving a trail back to yourself.

    1. Re:Slowly but surely by butzwonker · · Score: 5, Insightful

      ... which happens to be every culture on earth.

    2. Re:Slowly but surely by Applehu+Akbar · · Score: 4, Insightful

      It's two-factor login without the first factor.

  2. Dislike this idea by Anonymous Coward · · Score: 4, Insightful

    Passwords serve a useful purpose. People lose phones all too frequently, and many aren't well-secured. Passwords are a bad authentication mechanism on their own, but they do improve security in two factor authentication. Otherwise, it's possible to do a lot more damage from a lost phone. Knowing a password greatly increases your confidence that the person is who they say they are. I hate the idea of removing either factor in two factor authentication.

  3. yay. by Rik+Sweeney · · Score: 4, Insightful

    I imagine that by giving them my number, I'll also be agreeing to have it passed onto "carefully selected partners" who will send me information about products I may be interested in.

    --
    Summation 2
    1. Re:yay. by Anonymous Coward · · Score: 3, Insightful

      Not yet. That will be announced in a 'policy update' when they have enough numbers.
      You will be able to turn it off, but the default is to leave it on.

  4. steal your phone and your login by brucellin0 · · Score: 5, Insightful

    great, so someone steals my phone and has automatic access to the logins too.

  5. Re:Google voice? Burner phone? by Anonymous Coward · · Score: 2, Insightful

    Governments all over the world are working hard to close those loopholes. Soon you won't be able to buy a phone or sim card without id, and all the devices already out there will suddenly have their network access revoked until you register them with government issued id. If a tin pot dictatorship like pakistan can pull this off, anybody can.

  6. Re:You call THAT 2FA?!? by 110010001000 · · Score: 4, Insightful

    If you have someones cell phone you already have access to most things anyway. Most services (including email) on mobile devices leave the user logged in or for convenience by saving their credentials locally.

  7. Re:They don't have to steal your phone! by Overzeetop · · Score: 3, Insightful

    "You wouldn't know that someone is using your login."

    Short of phone malware that hides selected incoming SMS and deletes them before you open your SMS app, you should suspect someone is using your phone number when either (a) you get seemingly random login verification numbers or (b) your phone company bitches at you about having more than one location/identity on their network (SIM presence).

    --
    Is it just my observation, or are there way too many stupid people in the world?