Facebook's Account Kit Login System Works Via Phone Numbers, No Passwords Needed

An anonymous reader writes: At this year's F8 developer conference, Facebook announced a new tool called Account Kit, which can be used by app developers to support phone number-based login systems. Every time the user wants to login, they have to enter their phone number. Facebook will then send them a verification code via SMS, which they have to enter on the site. The system was already tested live, and Facebook expects it to be widely adopted, allowing sites to offer users accounts that don't require them to memorize a new password. Each developer has a 100,000 free confirmation SMS messages per month quota. Facebook claims to support SMS login operations for over 230 countries and regions, and in 40 different languages.

Do these muppets not realise

[ickleberry]

That it's possible to intercept SMS, either through the air or from the handset. Feck it, most android apps are spyware/adware with a bunch of permissions it they have no legitimate use for

They don't have to steal your phone!

[Ihlosi]

someone steals my phone

They don't even have to steal your phone. They could forge or order a duplicate SIM card, or install malware on your phone. You wouldn't know that someone is using your login.

Re:Slowly but surely

[skegg]

Definitely part of the long, gradual slide towards less anonymity.
Companies love it: the less nebulous we are to them the more they can profit off us.
Governments love it: all our transactions & interactions can be recorded, tracked and accessed whenever they so desire.

I also groan for the schmucks who use their work phone numbers for online access. If they're let go without notice - and have to surrender their work phone - they'll need to quickly remove that number from their various accounts.

I'll stick to using passwords as my primary log-in method.