1. If you use Google Voice, your number won’t work with this process. Whether it’s due to the SMS support in GV or some evil ploy by Facebook to get your number is up to you to decide…

    One of several places with complaints by GV users:

  2. Facebook remembers your device by setting a cookie, I think. Since I clear my cache frequently, every time I visit fcbk, it “forgets” my device/machine. Now, that’s a brilliant way for a multi-billion dollar company to write the device/machine remembering code!

    • I have Better Privacy with Fire Fox where I can opt to have cookies erased when I end my browser session, or some # minutes after they are created. I can also exempt some service from having their cookies erased.

      Did you know you needed Special Security to get rid of Super Cookies?

  3. I don’t actually use Facebook – I have been thinking about it for ages but the privacy loss just doesn’t appeal even if some women I meet are incredulous that someone could “survive” without it.

    So maybe I’m missing something here but isn’t this just a hurdle more than anything else to an attacker that can be easily outsourced? What I mean is if someone hijacks an account cannot they just outsource the verification using another phone number that they supply?

    I mean I’ve seen virtual mobile numbers as low as 0.05 USD each and at that price it’s not really going to hold a determined attacker back.

    Unless I’m missing something of course.

  4. This security measure would be easy enough to spoof. More people know my cell phone than my email.

    It really does sounds more like a way to get your phone number than to secure your account.

  5. Great! When this too blows up in Facebook’s face, they’ll be able to blame an intern!

  6. That’s one of my favourite quotes from “noted security curmudgeon” Schneier.

    “noted security curmudgeon” is my new favourite quote about Schneier.

    • Labelling Mr. Schneier a ‘curmudgeon’ is a level of disrespect I don’t expect from you, Mr. Krebs.

      • Anon, just a year or so of reading posts by Brian Krebs leads me to believe that he meant no disrespect to Mr. Schneier. In fact, after reading some of the comments on other sites (including the one Brian links to above), where people are just flat-out offering to give up their private information for a chance to interact online with other people through online social services, and claiming that security experts like Mr. Schneier (and Mr. Krebs) are “selling fear” for profit, I’m feeling rather curmudgeonly myself.

      • No disrespect meant at all. I value Bruce’s opinions on all things security-related, and meant that in the most affectionate way possible. What’s more, I don’t think he’d argue with the title. 🙂

  7. soooooooo on top of all the personal info. FB collects about you they’ll now have your mobile ph#? I’d rather risk having somebody hack my account that is void of all personal info. and if they want to mess with my LOLCats links they’re welcome to it.

  8. I gave them my number for “Login Approvals.” But not my real, everyday iPhone number…I added a “DumbPhone” to my family plan. For $10.99 extra a month – I have an additional line just for “social networking!” Imagine that!

    As far as Bruce Schneier featured as a “curmudgeon” – huh, Bruce resembles that well! He is on my daily security read-a-thon (along with Brian) highly respected security experts 🙂

    BTW, Brian can be quite the “curmudgeon” too. Imagine that!

  9. I’ve never used fb or twitter, sometimes I may feel as if I am missing out on something, but not often.

    The hardest thing I’ve found about not being on these ‘services’ is convincing others that I’m not, some, like my gf and my boss, seem to take it as an insult.

    • I heard a statistic that 600 million people are on FB … translation several billion are NOT.

      There are people who (falsely) assume EVERYONE is on a particular service, so they react like a co-worker who gets a phone survey she is not interested in responding to.
      Survey “What is your favorite TV show?”
      Co-worker “We do not have a TV set in our house.”

      When we look at national statistics, it is plausible that a handful of households do not have a TV set, but generally when we hear someone saying like my co-worker, the natural assumption is they are telling a lie.

      There are people on some networks, who assume EVERYONE is on those networks, EVERYONE has a mobile phone, EVERYONE has certain other things, which is not true. Then when someone says they are not, the second assumption is that the person must be lying.

  10. lastpass + yubikey = you don’t want to guess my password I don’t even know it.

  11. I guess its a matter of personal preference..this feature should give protection for at least to those Facebook savvy users

  12. Totally crazy. Even my former colleagues are either “clueless” or totally assimilated into Facebook. In general with social media what I see is communication has ground to a halt.

    It’s all just cognitive dissonance. So trying to get through the noise to help people understand what is going on is next to impossible. They don’t want to listen.

    Thats the biggest problem with “consumers using the internet these days”. They think since they have been surfing the web for a few years and have a Facebook thing going they know it all.

    Not good.

  13. i tried to enter my cell phone (tracfone) on facebook prompt. now when i try to open my facebook page, i’m asked to enter my cell phone – however i did receive a facebook confirmation code. right now i can’t access facebook – any suggestions on what i need to do

  14. FB doesn’t have enough personal info from people? Now they want your phone number?? Anyone who gives it to them isn’t very smart, security my A$$! F— Facebook!!