For all the controversy they create with privacy issues, there’s no denying that Facebook has good ideas (well, unless you’re Trent Reznor). The latest feature they’re starting to roll out today is very, very smart: one-time passwords.
We’ve likely all had the situation where we’ve logged into some account at an Internet cafe, library, or friend’s computer and worried that we forgot to log out and/or accidentally saved our passwords on that computer. Facebook’s new feature allows you to simply text “otp” to 32665 from your mobile phone (the one associated with your Facebook account) and you’ll immediately receive a temporary password that can only be used once and will expire in 20 minutes. Brilliant.
The only downside seems to be that you need to remember that texting shortcode, but perhaps they’ll put a link prominently on their mobile site and/or apps.
On top of one-time passwords, Facebook is finally rolling out the ability to sign out of your account remotely. This obviously also solves the problem of worrying you forgot to log out of your account on another machine. Google and other services have had this for a while, and it can be very useful.
In your Account Settings page, Facebook also now shows you your period of last activity on the service, just in case you’re afraid someone has accessed your account. This is also similar to what Google does with Gmail, but it’s laid out in a much nicer way on Facebook — including the approximate location of the person and what device they were using to access the account (Google lists both of those things as well but in a much more computerized format).
Facebook also notes:
Lastly, when people log in to Facebook we will regularly prompt them to keep their security information updated. If you ever lose access to your account, having this information helps us verify who you are and get you back into your account quickly.
Speaking of Google, they’ve also been recently stepping up their game with regard to security. Last month, they started enabling two-step authentication which requires you enter a username, password, and secret code sent to the mobile phone associated with your Google account.