Skip to content

October 14, 2010


Facebook Introduces One-time Passwords and Remote Log-out

Facebook LogoHot on the heels of my last post about Facebook’s Suspicious Login Tracking,the social networking site has just introduced two additional authentication/session security mechanisms. The first news item is the introduction of one-time passwords, with the aim of increasing account security for those who log into Facebook on public or shared computers.

The proposed one-time password mechanism would require you to register your mobile phone number with Facebook. You would then be able to text “otp” to 32665 (currently U.S. only), and Facebook would send back a single-use password for your account that expires after 20 minutes. This feature will become available in the coming weeks.

Although it’s a good idea in theory, and helps mitigate against malware or key loggers, it also makes targeted attacks more easy to perform. It is easy to lose one’s phone, or even leave it unattended. If an attacker can get to your phone for a minute, they may be able to get a one-time password for your account. How Facebook actually implements this remains to be seen.

The second feature they introduced, available now, is the ability to remotely sign-out a session. Remember that time you logged in to Facebook at your friend’s house, and forgot to log out, resulting in a slew of embarrassing posts and images being posted on your behalf? With this feature you may have been able to prevent that by logging in to Facebook and then killing that session. I think this is a great feature, and would be useful in other long-session-based services such as Gmail.

Facebook Remote End Session

You can find this by going to Account -> Account Settings ->Account Security. Your current session will be showed under ‘Most Recent Activity’. If you see anything under ‘Also Active’ that you don’t recognise, just click ‘end activity’ and Facebook will delete the server-side session ID for that session.

5 Comments Post a comment
  1. Mar 22 2012

    Gmail has actually had this feature for quite a while. Just look at the bottom of your Gmail inbox, and you’ll see information about your last log-in. Click on the details link and a pop-up will display the last 10 logins, their associated IP address/location, and the last time activity occurred via that login.

    It will also reveal a button called “Sign out all other sessions”

  2. Feb 11 2017

    My Facebook keeps saying looks like you haven’t logged in her befor enter a code I have my old number still linked to my account so I can’t get a txt with the code I need

  3. Feb 11 2017

    My Facebook keeps sayin looks like I never logged in here befor I don’t got my new number on my account how do I get my code I’m already logged in just can’t get on my page

  4. Marion C. Marsh
    Jun 13 2018

    I am not a hacker and yet it is seemingly IMPOSSIBLE to get into My own Face Book. I got a new phone yesterday and I’ve forgotten my password and they haven’t sent a code for me to use!!! How in his world do I remedy this…About 85% of my network for business is on there.

  5. Jibon Sarkar
    Sep 16 2020

    Hey, I have a facebook account names MD Ekramul Haque Munna. Someone change my facebook loging phone number. I Can’t Logging my facebook. please solve my facebook problem. Facebook Id Link Here

Share your thoughts, post a comment.


Note: HTML is allowed. Your email address will never be published.

Subscribe to comments