Threat Level: Infocon green

ISC Diary

Refresh Latest Diaries


Facebook goes two-factor

Published: 2011-05-22,
Last Updated: 2011-05-22 19:34:37 UTC
by Kevin Shortt (Version: 1)

6 comment(s)

Facebook is now offering a new feature called "Login Approvals".   I call it part-time two-factor authentication mechanism.  Andrew Song of Facebook states:  "Login approvals is a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer." [1]

I have downgraded it to "part-time" because once you have approved the browser instance you are using to login to daily, it does not require execution of the second authentication until you have removed it from the list.  I clarify "browser" because you will be forced to re-auth from a different browser.  

On the upside however, it is an easy and ubiquitous solution that many people are inclined to incorporate in order to protect their Facebook account.  "Login Approvals" can be turned on in the "Account Security" section on the Settings tab of your Facebook Account Settings.

[1] https://www.facebook.com/note.php?note_id=10150172618258920


Kevin Shortt
--
ISC Handler on Duty

Keywords: 2FA Facebook twofactor
6 comment(s)
Top of page

Top of page

Comments

this means that I should trust Facebook and give them my mobile phone number. I really am not in the mood considering that they could share information with partners/advertisers. Why don't they offer the possibility to receive an email instead of an sms?
posted by tony, Sun May 22 2011, 20:22
IMHO, it is their way of making sure persons using facebook are only using one (1) account.
I will also *not* provide my mobile number, unless they state in black and white that they will pay a grand sum of money in case the user finds out their info has been passed to any other entity as facebook.com's own system.
posted by ©TriMoon™, Sun May 22 2011, 21:59
"whenever you log into Facebook from a new or unrecognized computer" What a great idea specially if you clear cookies, cache etc. by closing the browser. So after every restart of your browser facebook doesn't recognize you and you get a text. Wohoo! Hopefully facebook pays the bill...
posted by 0l, Mon May 23 2011, 08:40
I think this is a good step--maybe not for the most paranoid or protective, but those aren't the ones getting their Facebook hacked in the first place. The people this really helps already have their phone number plastered all over the internet.
posted by infotechie, Mon May 23 2011, 20:41
"in order to stop us from losing your personal information, give us more personal information" - what could possibly go wrong?
posted by NiceTry, Tue May 24 2011, 05:29
Just use a prepaid card for this, that way your 'real' number is safe from them :)
posted by Case, Tue May 24 2011, 06:47

New Comments closed for all Diaries older than two(2) weeks
Please send your comments to our Contact Form

Diary Archives

Top of page
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

Get ISC Swag!!

Advertisement

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

UDP port 1434 directed attack to AS13489 IP ranges - by: Manuel Humberto Santander Pelaez (2013-05-24)

MoVP II - by: Adrien de Beaupre (2013-05-23)

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute