Monday, 6 May 2013

Facebook 'Trusted Contacts' Needlessly Complicates Security

 



Trusted-contacts

 


 


 


Facebook announced earlier this week a new feature called “trusted contacts” to help you get back into your account when locked out. Although it’s intended to make life easier by leaning on a few friends when you’re in need of re-entry (think lending out your spare house keys), the concept is a handful. In fact, you’ll need a special code from each of your trust contacts (about three to five people) to get back into your account.


 


In theory, this sounds like a strong way to triple-lock your account and prevent anyone from entering, but how is this any better than remembering the answer to a few security questions or using Facebook’s existing two-factor authentication feature?


 


First, here’s a rundown of how “trusted contacts” works: If you’re ever locked out of your account, Facebook will send a code to your chosen list of three to five friends. To gain access to the account again, you need to enter at least three of those codes into a prompt. Theoretically, this will prevent hackers from breaking in. With that in mind, Facebook actually recommends calling these friends to get the codes because you wouldn’t want an impersonator sweeping in via email or chat to access your account.


 


 


 


But there are a few problems. To start, you’re banking on the ever-accessibility of your friends. What if one of your trusted contacts is out of town for the weekend or is otherwise unreachable? The beauty of the Internet — and now storage in the cloud — is the fact that you can retrieve information without relying on anything or anyone else. Sure, giving a set of keys to a trusted neighbor is good practice if you’re ever locked out, but in this increasingly connected and digital world, don’t you just wish you could securely unlock the front door remotely and not have to involve the neighbors (or the whole neighborhood, for that matter) to get back in?


 


In this case, Facebook is blending old-school methods of relying on friends with digital security. But not only is this an inconvenience to your closest friends — at least three, in fact — there’s also the problem of getting in touch with someone who might not be around when you need them.




 


“While you may trust your friend from pre-school who is on sabbatical in Borneo, it might be a better choice to select the people you know that you’ll be able to reach,” Facebook told me.



 


“While you may trust your friend from pre-school who is on sabbatical in Borneo, it might be a better choice to select the people you know that you’ll be able to reach,” Facebook told me.


 


Does this mean each time a trusted contact goes out of town, they need to let you know or you should just pick friends that just don’t get out much? And what if you lose touch with a friend or they even die? Facebook says you’ll need to report the issue with the site and select a new contact. Again, more legwork on your part.


 


Keep in mind this is just an option. You can still answer security questions and thankfully, use two-factor authentication. Facebook rolled out two-factor authentication — an increasingly popular security method, which adds an extra layer of security to an account besides a password. If you log onto an account from a device the service doesn’t recognize, it will then send you a text or voice message with a code that needs to be entered before access is granted, just to make sure it’s actually you.


 


What’s surprising about this secure method, however, is that many people aren’t aware Facebook even has two-factor authentication. You would think the company would spend time informing users about how to sign up rather than rolling out “trusted contacts,” which seems like more of a hassle and involves way too many people. Instead, Facebook should focus its efforts more on its more reliable, proven two-factor method, rather than an entire new system which makes users jump through hoops.


 


 


 


Twitter users have long asked for two-factor authentication to come to the micro-blogging site, which has experienced a series of high-profile hacks in the past year. Facebook should make the most of the feature that many other services need.


 


 



Facebook 'Trusted Contacts' Needlessly Complicates Security

No comments:

Post a Comment