Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's Account Kit Login System Works Via Phone Numbers, No Passwords Needed (softpedia.com)

Posted by BeauHD on from the can-I-have-your-number? dept.

An anonymous reader writes: At this year's F8 developer conference, Facebook announced a new tool called Account Kit, which can be used by app developers to support phone number-based login systems. Every time the user wants to login, they have to enter their phone number. Facebook will then send them a verification code via SMS, which they have to enter on the site. The system was already tested live, and Facebook expects it to be widely adopted, allowing sites to offer users accounts that don't require them to memorize a new password. Each developer has a 100,000 free confirmation SMS messages per month quota. Facebook claims to support SMS login operations for over 230 countries and regions, and in 40 different languages.

9 of 116 comments (clear)

  1. Slowly but surely by Sean · · Score: 5, Insightful

    Everything is being tied back to real identity and it's becoming more and more difficult to publish anything without leaving a trail back to yourself.

    1. Re:Slowly but surely by butzwonker · · Score: 5, Insightful

      ... which happens to be every culture on earth.

    2. Re:Slowly but surely by skegg · · Score: 5, Interesting

      Definitely part of the long, gradual slide towards less anonymity.
      Companies love it: the less nebulous we are to them the more they can profit off us.
      Governments love it: all our transactions & interactions can be recorded, tracked and accessed whenever they so desire.

      I also groan for the schmucks who use their work phone numbers for online access. If they're let go without notice - and have to surrender their work phone - they'll need to quickly remove that number from their various accounts.

      I'll stick to using passwords as my primary log-in method.

    3. Re:Slowly but surely by Applehu+Akbar · · Score: 4, Insightful

      It's two-factor login without the first factor.

  2. Dislike this idea by Anonymous Coward · · Score: 4, Insightful

    Passwords serve a useful purpose. People lose phones all too frequently, and many aren't well-secured. Passwords are a bad authentication mechanism on their own, but they do improve security in two factor authentication. Otherwise, it's possible to do a lot more damage from a lost phone. Knowing a password greatly increases your confidence that the person is who they say they are. I hate the idea of removing either factor in two factor authentication.

  3. yay. by Rik+Sweeney · · Score: 4, Insightful

    I imagine that by giving them my number, I'll also be agreeing to have it passed onto "carefully selected partners" who will send me information about products I may be interested in.

    --
    Summation 2
  4. steal your phone and your login by brucellin0 · · Score: 5, Insightful

    great, so someone steals my phone and has automatic access to the logins too.

  5. They don't have to steal your phone! by Ihlosi · · Score: 5, Interesting
    someone steals my phone

    They don't even have to steal your phone. They could forge or order a duplicate SIM card, or install malware on your phone. You wouldn't know that someone is using your login.

  6. Re:You call THAT 2FA?!? by 110010001000 · · Score: 4, Insightful

    If you have someones cell phone you already have access to most things anyway. Most services (including email) on mobile devices leave the user logged in or for convenience by saving their credentials locally.