24 thoughts on “Facebook Adds Mobile Authentication

  1. Gabriel

    Facebook remembers your device by setting a cookie, I think. Since I clear my cache frequently, every time I visit fcbk, it “forgets” my device/machine. Now, that’s a brilliant way for a multi-billion dollar company to write the device/machine remembering code!

    1. Al Mac

      I have Better Privacy with Fire Fox where I can opt to have cookies erased when I end my browser session, or some # minutes after they are created. I can also exempt some service from having their cookies erased.

      Did you know you needed Special Security to get rid of Super Cookies?

      1. Nick P

        Maybe they should use one of those Evercookies. It would be the first time one of them benefited a user.

        1. Teksquisite

          LOL! The “evercookies” made me laugh. Cookies that just won’t go away. Like my next-door-neighbor…

  2. Neej

    I don’t actually use Facebook – I have been thinking about it for ages but the privacy loss just doesn’t appeal even if some women I meet are incredulous that someone could “survive” without it.

    So maybe I’m missing something here but isn’t this just a hurdle more than anything else to an attacker that can be easily outsourced? What I mean is if someone hijacks an account cannot they just outsource the verification using another phone number that they supply?

    I mean I’ve seen virtual mobile numbers as low as 0.05 USD each and at that price it’s not really going to hold a determined attacker back.

    Unless I’m missing something of course.

  3. John

    This security measure would be easy enough to spoof. More people know my cell phone than my email.

    It really does sounds more like a way to get your phone number than to secure your account.

  4. qka

    Great! When this too blows up in Facebook’s face, they’ll be able to blame an intern!

  5. bob

    That’s one of my favourite quotes from “noted security curmudgeon” Schneier.

    “noted security curmudgeon” is my new favourite quote about Schneier.

    1. anon

      Labelling Mr. Schneier a ‘curmudgeon’ is a level of disrespect I don’t expect from you, Mr. Krebs.

      1. Maureen

        Anon, just a year or so of reading posts by Brian Krebs leads me to believe that he meant no disrespect to Mr. Schneier. In fact, after reading some of the comments on other sites (including the one Brian links to above), where people are just flat-out offering to give up their private information for a chance to interact online with other people through online social services, and claiming that security experts like Mr. Schneier (and Mr. Krebs) are “selling fear” for profit, I’m feeling rather curmudgeonly myself.

      2. BrianKrebs Post author

        No disrespect meant at all. I value Bruce’s opinions on all things security-related, and meant that in the most affectionate way possible. What’s more, I don’t think he’d argue with the title. 🙂

  6. Anon

    soooooooo on top of all the personal info. FB collects about you they’ll now have your mobile ph#? I’d rather risk having somebody hack my account that is void of all personal info. and if they want to mess with my LOLCats links they’re welcome to it.

    1. Al Mac

      I am on FB.
      I do not yet have a mobile phone.

  7. Teksquisite

    I gave them my number for “Login Approvals.” But not my real, everyday iPhone number…I added a “DumbPhone” to my family plan. For $10.99 extra a month – I have an additional line just for “social networking!” Imagine that!

    As far as Bruce Schneier featured as a “curmudgeon” – huh, Bruce resembles that well! He is on my daily security read-a-thon (along with Brian) highly respected security experts 🙂

    BTW, Brian can be quite the “curmudgeon” too. Imagine that!

  8. vinnyt

    I’ve never used fb or twitter, sometimes I may feel as if I am missing out on something, but not often.

    The hardest thing I’ve found about not being on these ‘services’ is convincing others that I’m not, some, like my gf and my boss, seem to take it as an insult.

    1. Al Mac

      I heard a statistic that 600 million people are on FB … translation several billion are NOT.

      There are people who (falsely) assume EVERYONE is on a particular service, so they react like a co-worker who gets a phone survey she is not interested in responding to.
      Survey “What is your favorite TV show?”
      Co-worker “We do not have a TV set in our house.”

      When we look at national statistics, it is plausible that a handful of households do not have a TV set, but generally when we hear someone saying like my co-worker, the natural assumption is they are telling a lie.

      There are people on some networks, who assume EVERYONE is on those networks, EVERYONE has a mobile phone, EVERYONE has certain other things, which is not true. Then when someone says they are not, the second assumption is that the person must be lying.

  9. anon

    lastpass + yubikey = you don’t want to guess my password I don’t even know it.

    1. Teksquisite

      I have been thinking about ordering the yubikey – that sounds like a great combination.

  10. Rakesh Mukundan

    I guess its a matter of personal preference..this feature should give protection for at least to those Facebook savvy users

  11. Steve

    Totally crazy. Even my former colleagues are either “clueless” or totally assimilated into Facebook. In general with social media what I see is communication has ground to a halt.

    It’s all just cognitive dissonance. So trying to get through the noise to help people understand what is going on is next to impossible. They don’t want to listen.

    Thats the biggest problem with “consumers using the internet these days”. They think since they have been surfing the web for a few years and have a Facebook thing going they know it all.

    Not good.

  12. carmen laporta

    i tried to enter my cell phone (tracfone) on facebook prompt. now when i try to open my facebook page, i’m asked to enter my cell phone – however i did receive a facebook confirmation code. right now i can’t access facebook – any suggestions on what i need to do

  13. Bill

    FB doesn’t have enough personal info from people? Now they want your phone number?? Anyone who gives it to them isn’t very smart, security my A$$! F— Facebook!!

Comments are closed.