4:37 PM
Anonymous
On October 26 social networking giant Facebook has reveled that the "trusted friends" feature to help users regain control of their account and application passwords to prevent malicious third-party apps from accessing account data. The features will be rolled out to users over coming weeks.
Facebook has rolled out a number of security tools recently, including Login Approvals, Login Notifications and One-Time Passwords. It has also developed back-end systems to block spam from user accounts, malicious links from being posted on the Wall and stop potential cross-site scripting attacks.
The first new feature, trusted friends, is for account logins. When a user is unable to log in to the account, for whatever reason, Facebook sends the unlock code to designated “trusted friends” that can be forwarded to the user to log back in. In Facebook’s words, if the user is locked out of the house, the user can now go to a friend who has the spare key. Users can designate three to five friends as trusted. The “Forgot your password?” process will continue to allow users who’ve lost their password to reset and log back in.
Facebook said the new system would help users when the account has been hijacked and they can’t get into email.
Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog that users would have to keep an eye on “trusted” friends to ensure they aren’t prone to playing practical jokes. While the system is set up so that each friend is sent only a single code, it was possible they could still band together to access the account. Users should also “be pretty confident” the friends take computer security seriously, as well.
The other feature, App Passwords, provides a higher level of security for logging in to third-party applications. Many web applications and services, such as Spotify music service and Skype messaging service, allow people to log in using Facebook credentials. With this option enabled, Facebook can generate unique passwords that can be used as part of the login process, as opposed to using the normal credentials. Since it’s “certainly a good idea” not to use Facebook credentials with anyone other than Facbook, this is a good privacy option for the site to offer
If the user ever decides to stop using the app, it’s just a matter of deleting the password from within Facebook. Once the password has been deleted, the app can’t access account data.
The security benefits may be limited, as "it’s not hard to predict that the only people who might use such a feature might be those who are already very aware of privacy issues, rather than the great unwashed majority on Facebook"
Posted in: News
0 comments:
Post a Comment