Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's Account Kit Login System Works Via Phone Numbers, No Passwords Needed (softpedia.com)

Posted by BeauHD on from the can-I-have-your-number? dept.

An anonymous reader writes: At this year's F8 developer conference, Facebook announced a new tool called Account Kit, which can be used by app developers to support phone number-based login systems. Every time the user wants to login, they have to enter their phone number. Facebook will then send them a verification code via SMS, which they have to enter on the site. The system was already tested live, and Facebook expects it to be widely adopted, allowing sites to offer users accounts that don't require them to memorize a new password. Each developer has a 100,000 free confirmation SMS messages per month quota. Facebook claims to support SMS login operations for over 230 countries and regions, and in 40 different languages.

4 of 116 comments (clear)

  1. Do these muppets not realise by ickleberry · · Score: 3, Interesting

    That it's possible to intercept SMS, either through the air or from the handset. Feck it, most android apps are spyware/adware with a bunch of permissions it they have no legitimate use for

  2. They don't have to steal your phone! by Ihlosi · · Score: 5, Interesting
    someone steals my phone

    They don't even have to steal your phone. They could forge or order a duplicate SIM card, or install malware on your phone. You wouldn't know that someone is using your login.

  3. You call THAT 2FA?!? by geekmux · · Score: 1, Interesting

    Congratulations Farcebook. You've managed to re-define two-factor authentication for the new generation who's too damn lazy to actually create and remember a secure password.

    Your version of 2FA is now something you have, coupled with something you have.

    All I need to do now to impersonate someone online is have their phone in my possession.

    And of course the way the professional world these days hangs your career on your social media responsibility, you'll be fired within the hour for something you could barely prove you didn't say or do online, since "Someone stole my phone and said nasty things about you boss, it wasn't me." will go over about as well as "The dog ate my homework."

  4. Re:Slowly but surely by skegg · · Score: 5, Interesting

    Definitely part of the long, gradual slide towards less anonymity.
    Companies love it: the less nebulous we are to them the more they can profit off us.
    Governments love it: all our transactions & interactions can be recorded, tracked and accessed whenever they so desire.

    I also groan for the schmucks who use their work phone numbers for online access. If they're let go without notice - and have to surrender their work phone - they'll need to quickly remove that number from their various accounts.

    I'll stick to using passwords as my primary log-in method.