Facebook “One Time” Passwords – Are They The Way Of The Future?

The age old password dilemma has been a problem when it comes to computers for some time now.

Every time we think we have solved it another obstacle gets in our way.

How does something that seems so simple tend to trip us up over and over again?

While issuing and sending a password is easy, the disconnect comes from when it is time for the end user to get the password that was issued.

could "one time" passwords be the solution?

could "one time" passwords be the solution?

If you make the password too complicated then the person cannot memorize it and so they have to write down.

This causes another level of security problems.

If you make the password too easy then the person can remember it but it is too easy for a black hat hacker to get through – they will be able to access all of the person’s personal data before they even know that the hacker was in there.

Another big problem that we face when it comes to passwords is the fact that we tend to forget them.

As I said earlier, the only cure to that is to write it down somewhere.

If you write the password down, then you allow anyone that is in your immediate vicinity to be able to access your account with your password right in their hand.

A Problem With Using Passwords On A Strange Network

As you see, security of the password itself is a big issue.

But there is also another security issue with passwords that we have to deal with that has nothing to do with the password itself.

The issue comes from having to use a username and password on a strange network.

With the internet being all over the place right now, we have a tendency to try to log onto a web site wherever we are.

We can use our laptops, our IPads, our cell phones, the available internet in the air and all of a sudden we have access to our online bank account while we are in the middle of the park.

This is the advantage that we have in the new digital age.

But a problem that we still struggle with is that we have to use our real password on a strange network that may or may not be protected.

Someone may be able to easily intercept our password and use it themselves.

This is a real problem with wireless networks and the people over at Facebook think that they might have the answer.

Facebook’s Solution To The Password Problem

What the team over at Facebook has come up with is a way to get a temporary password at anytime when you are on a wireless network that you do not trust.

While your normal password will still work, you are able to use this password on a temporary basis.

The way that you do this is to use the cell phone that you access your Facebook account with and type in the letters “otp” to the number 32665.

After that, Facebook will send you the temporary password to access your account with.

Now you will be able to do all of the normal things that you do on Facebook all without having to reveal your password to a potential bad guy.

This is a new solution that they have and it can prove to be just what the public has been looking for.

But there can be some cause for concern when it comes to this solution.

What Are The Potential Problems Of Using Temporary Passwords?

While this is a good solution for Facebook users in general, it is not a cure all for every institution to switch to.

There are certain security holes that can still pop up while this technique is in use.

The main cause for security concerns when it comes to this method is the fact that anyone can access your phone that you have registered with Facebook.

If they get to your phone and they type in the required text then they will have a password that will allow them to access your Facebook account for up to 20 minutes.

While they are in your account, they could do an untold amount of damage before you even realize that they are in there.

There are a few more security concerns that can be raised but that is the main issue and something that Facebook is going to have to work on.

While overall this method is a good idea, especially for a site like Facebook, you will be hard pressed to find any online bank issuing a temporary password like this.

It would put the end user at too much risk if they were ever to lose their mobile phone which happens all of the time.

While the temporary password is an idea whose time has come, it is still not ready for everybody to use just yet.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. I’m not totally convinced…

    A lot of people access facebook via their phones anyway. So if I stole someones phone 9/10 if I fired up facebook it would be logged on already. If it isn’t logged on, I can just use the phone to get a temp password texted to me.

    Plus, the phone really muddy’s the water. Is it a phone? is it a laptop? Is it your security device?

    With so much going into the phone, you’re ending up pushing your single point of failure to your phone. And most phones have quite poor security to prevent someone from accessing it.

    Security is a bit like a rubix cube at times. in the attempt to match up one side of colours you mess up the other 5 sides.

    • You make a good point about mobile phones actually Javvad – I do forget sometimes that the little knowledge I have does actually set me apart from the average guy in the street.

      I’m extremely careful with my phone and very picky about what apps I put on it and which sites I visit with it, whereas most people do, well, pretty well everything on theirs, including internet banking in the case of some of my friends.

      As for Rubix cubes, well, I was always very quick when it came to solving those 😛

  2. good one! Still its viable solution with little modification of the facebook’s concept

    • I totally agree – its a big step in the right direction and I could definitely see this evolving into a more secure long-term solution in the near future.

Trackbacks

  1. […] there has been a very interesting post on Security-Faq regarding password security and new Facebook One time password solution. According to […]

  2. […] This post was mentioned on Twitter by Javvad Malik and YO9FAH, Lee. Lee said: Facebook “One Time” Passwords – Are They The Way Of The Future? http://bit.ly/bF8WLk […]

Speak Your Mind

*