Locked out of Facebook? Your friends can help!

Facebook has announced two new features to try and improve the security of your account. The first, entitled Trusted Friends, allows you to designate three to five friends that can unlock your account for you if you forget the password. The other less interesting feature, called App Passwords, lets you assign a unique password to Facebook apps.

With Trusted Friends, if you lose your Facebook password you can have codes sent to your friends that let you access your account. What isn’t spelled out is whether you need all of the codes from your friends to unlock the account or if a single code will work. While this is being touted as a way to access your account if you lose both your Facebook and email account, this seems more like a backdoor to let intruders into your account. Even if all of your friends need to send you their codes to access the account, you’re still trusting that they are going to be secure themselves. Anytime you have a backdoor into an account, you end up weakening security, not strengthening it.

There’s even less details about App Passwords. The concept is sound: Don’t share your Facebook password with 3rd party applications. The actual implementation is still vague and given the company’s security track record, who knows if it will work as intended.

Interestingly enough, the security infographic that Facebook released seems to be using the term Guardian Angels instead of Trusted Friends.

Report a problem with article
Previous Story

Blackberry leaked videos show a cool mobile future

Next Story

Motorola Xoom only shipped 100,000 units in Q3 2011

20 Comments

Commenting is disabled on this article.

Not too sure on the point of this? If you get locked out don't you just send a password reset?

Will probably take less time, than texting,ringing or IM your friend, then for them to log in and somehow find this option to reset your account.

And why did they take away many privacy settings that were there previously? Less control over what you share is bad bad bad.

Not too sure on the point of this? If you get locked out don't you just send a password reset?

Will probably take less time, than texting,ringing or IM your friend, then for them to log in and somehow find this option to reset your account.

Yikes! I'm so glad I deleted my profile. They just seem to be getting worse and worse.

I'm pretty sure that you'd need two out of the three codes. this way one of your friends could be dead/afk and you won't be affected.

:: Lyon :: said,

Don't have any trusted genuine friends on Facebook and real life? O_o hehe

Doesn't understand the use of a reply button? O_o hehe

On topic, in theory a good idea, in practice this is a s*** storm waiting to happen.

If you need all codes from the trusted friends to work, then it would be much more secure. There's a small chance all of your trusted friends would get hacked at the same time

:: Lyon :: said,
If you need all codes from the trusted friends to work, then it would be much more secure. There's a small chance all of your trusted friends would get hacked at the same time

You do need all the codes, it seems teh original aurthor didnt check the link fully. In the image below "We have sent codes to the following trusted friends. Please contact 3 of them to check their emails and enter the codes below"
https://fbcdn-sphotos-a.akamai...885_8259927_510947966_n.jpg

Xoligy said,

You do need all the codes, it seems teh original aurthor didnt check the link fully. In the image below "We have sent codes to the following trusted friends. Please contact 3 of them to check their emails and enter the codes below"
https://fbcdn-sphotos-a.akamai...885_8259927_510947966_n.jpg


I did see the image, but it's worded very poorly and thus not extremely clear. Specifically it says, "Please contact 3 of them to check emails or Facebook web page and enter the code below." It only talks about one code. In addition, the grammar is really poor so I don't think it's a final screen.

I'd hope you need all of the codes - but that's still not helping security any... Why not require a second email address, a cell phone number, or the like instead...? At least it's something that's entirely in your control as opposed to hoping your "friends" don't get together to hack your account as a joke.

Oh nice so when one of the techno-weenies gets hacked their account will be able to hijack their friends accounts. I can see this working like dominoes. Next thing you know 95% of Facebook is under bot control.

Actually this might be a good thing. The intelligence of the posts will be increased in many cases.