Facebook Security: Use One-Time Passwords to Keep Bad Guys Out

Some Facebook users access Facebook using a variety of computers, some of which they do not own. If you are at the library and want to ask a question of your teacher or fellow students, you can use a library computer to log into Facebook and ask your question. If you are visiting a friend’s house and want to share a photo you just took with your friends on Facebook, you can log into your Facebook account and upload the photo. You may just be hanging out at a cafe and want to check into Facebook to see what’s going on. You can use the cafe’s computer to check in at Facebook. But have you thought about that computer on which you are logging into Facebook?

Not every computer is safe to use. Personal computers are the targets of spammers and attackers and are often hosts to malicious software. Malware known as “keystroke loggers” can record every character you type on the keyboard, including all of the ones for your online account usernames and passwords. Once collected, those usernames and passwords can be used to access your online accounts without your permission, and perhaps without your knowledge. Keystroke loggers and other malicious software can be “installed” by deceiving the user or using vulnerabilities in software on the computer. Users can be tricked into installing software that appears to be legitimate but is not. Other types target and exploit weaknesses in the software of the web browser, an extension or plugin, or even the operating system itself.

One-time passwords are a way of authenticating yourself to a system through the use of a single-use secret that is specific to you and may have a limited time period of validity. In other words, you have two passwords. One that you know. One that is generated for you or sent to you. You have to have both passwords to log in. Some one-time password systems involve the creation of one-time passwords through a software tool, having a printed list of passwords that you carry with you, or a small hardware device that displays a new series of numbers every minute.

Facebook’s one-time password system uses your mobile phone and its text message capabilities. When you need to log into Facebook on a public computer or someone else’s, you send a text message to Facebook and within a minute or so you will receive a message back with a six-digit number, which is your one-time password. This password is valid for twenty minutes. In order to use the Facebook one-time password system, you will need to register and verify your mobile phone with Facebook first. This is necessary to prove that you are the owner of the phone number for your mobile phone.

Facebook also added the ability to generate the one-time password using the Facebook Mobile App. I’ll cover that App in a future article.

Enabling One-time Passwords

Setting up your Facebook Account to use the Facebook One-time Password system requires that you have a registered mobile phone with Facebook. I cover registering your mobile phone in another article. Once you have that configured, you can request one-time passwords from Facebook when you need to log into a computer that you do not own.

Requesting a One-time Password

Here is how to request a one-time password to log into Facebook from a public computer or someone else’s computer:

  1. Use your registered mobile phone and send a text message with the message “otp” to 32665 (“FBOOK”), which is the SMS short code for Facebook. Within a minute or so, you should receive a text message in reply with a one-time password.

    The One-time Password you receive should be entered into the Password field instead of your password.
  2. Go to the Facebook login page. Enter your Facebook email account username and the 6-digit one-time password into the password field. If you entered everything correctly and within the twenty minute time period, you should be logged into Facebook.

One-time Passwords Considerations

One-time passwords reduce the likelihood that your Facebook password will be captured by spammers or attackers, but there are some things to keep in mind.

  1. Any computer can be untrustworthy, including your own. Your best defense is to make sure your computer has the latest software updates installed and that your anti-virus software is updating daily and scanning the system regularly. Always install the updates when prompted and enable auto-updates, if available. Does this mean that you should use one-time passwords on your own computer? The answer might be “yes” if you have not applied updates in a while or have no anti-virus software installed.
  2. Sometimes the Facebook One-time Password system may not send a response quickly after you request a one-time password. Be patient. They usually arrive within a minute.
  3. The one-time passwords that you receive from Facebook over SMS are valid for twenty minutes. If you request one and are not able to log in before the twenty minutes are up, just request another one.


Check our guide: Own Your Space, “A Guide to Facebook Security

Facebook Extra Security Features

, ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: