Does Facebook’s OTP Really Protect Users?
Today there was a very interesting post on Security-Faq about password security and Facebook's new one-time password solution. According to Lee:
What the team over at Facebook has come up with is a way to get a temporary password at any time when you are on a wireless network that you do not trust.
While your normal password will still work, you are able to use this password on a temporary basis.
The way that you do this is to use the cell phone that you access your Facebook account with and type in the letters “otp” to the number 32665.
A one-time password (OTP) is a password that is valid for only one login session. This method can provide some security, but it will not stop attackers from getting access to a Facebook account. Using an unsecured network without encryption and other security measures leaves us in the same situation.
20 minutes is enough to get at all the sensitive information (including all pictures, friend list, videos...), and an OTP will not protect users from a man-in-the-middle (MITM) attack.
On the other hand, I prefer the Google account security system, as it gives users more information when a connection to the user's account is open from another location, and it monitors the latest IPs logged into the session.
This account is open in 1 other location (xxx.xxx.xxx.xxx).
Last account activity: 2 hours ago on this computer. Details
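The kind of account-activity notice quoted above, sketched as an added example (it is not code from the original post or from Google). The session records, the field names and the rule that "this computer" means "same IP address" are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (nothing here is real); IPs are RFC 5737 documentation addresses.
NOW = datetime(2024, 1, 1, 12, 0)
SESSIONS = [
    {"ip": "198.51.100.7", "last_seen": NOW, "open": True},  # the current login
    {"ip": "203.0.113.25", "last_seen": NOW - timedelta(minutes=3), "open": True},
    {"ip": "198.51.100.7", "last_seen": NOW - timedelta(hours=2), "open": False},
]


def other_open_locations(sessions, current_ip):
    """Distinct IPs, other than the caller's, that still hold an open session."""
    return sorted({s["ip"] for s in sessions if s["open"] and s["ip"] != current_ip})


def last_activity(sessions, current_ip, now):
    """Most recent closed session as (age, True if it came from the caller's IP)."""
    closed = [s for s in sessions if not s["open"]]
    if not closed:
        return None
    latest = max(closed, key=lambda s: s["last_seen"])
    return now - latest["last_seen"], latest["ip"] == current_ip


def humanize(age):
    """Render a timedelta as 'N minutes ago' or 'N hours ago'."""
    minutes = int(age.total_seconds() // 60)
    n, unit = (minutes, "minute") if minutes < 60 else (minutes // 60, "hour")
    return f"{n} {unit}{'' if n == 1 else 's'} ago"


def activity_notice(sessions, current_ip, now):
    """Build the footer lines shown to the logged-in user (assumed wording)."""
    lines = []
    others = other_open_locations(sessions, current_ip)
    if others:
        noun = "location" if len(others) == 1 else "locations"
        lines.append(f"This account is open in {len(others)} other {noun} ({', '.join(others)}).")
    last = last_activity(sessions, current_ip, now)
    if last:
        age, same = last
        where = "on this computer" if same else "from another location"
        lines.append(f"Last account activity: {humanize(age)} {where}.")
    return lines


if __name__ == "__main__":
    print("\n".join(activity_notice(SESSIONS, "198.51.100.7", NOW)))
```

An IP address only approximates "location": users behind the same NAT look identical, and a mobile user's address changes between requests.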
I think that Facebook and other social networks may add more security features than just OTP, as it is still not secure enough.