Facebook's One-Time Password System still Leaves Users Open to Security Risks, Sophos Warns

MUMBAI / BANGALORE, India – October 18, 2010 – IT security and control firm Sophos today stated that Facebook announced a new feature yesterday that it claims gives users an additional method to keep their social networking accounts secure. Facebook claims that its new one-time password feature will make it safer to use Facebook on computers in public places such as hotels, cafes or airports, as users can now request a temporary password by SMS message, which expires after 20 minutes.


However, Graham Cluley, Senior Technology Consultant at Sophos, warns that Facebook’s one-time password feature could in fact result in further security concerns for users. “If you believe a computer might not be secure in the first place, why would you use it to access personal accounts such as Facebook? A temporary password may stop keylogging spyware giving cybercriminals a permanent backdoor into your account, but it doesn’t stop malware from spying on your activities online, and seeing what’s happening on your screen,” said Cluley.


“Furthermore, if you’re anything like me, it’s likely that you’ve mislaid your mobile phone from time to time. If someone else can gain access to your phone and send a text message, your Facebook account will be unlocked.


“There’s a simple lesson that everyone needs to learn. Never visit websites like Facebook from computers that may not be running adequate anti-virus software or security patches. If you don’t trust the PC, don’t use it to access Facebook – even if you do have a temporary password,” continued Cluley. “Instead, wait until you have access to a trusted PC, rather than risking sharing your personal information with unknown others. There’s a real danger that the one-time-password system will be viewed as a green light by Facebook users to access their accounts from unsafe PCs.”


# # #


About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use, and that deliver the industry’s lowest TCO. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs—a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards. Sophos is headquartered in Oxford, UK and Boston, US. More information is available at www.sophos.com


