Every day, on many different sites, people forget their passwords. And every day, these sites respond to people’s “forgot password?” queries, using features like two-factor authentication to help log these poor souls back in. What most platforms don’t do is send cold emails to unsuspecting users asking them to log back in.

While Facebook’s One Click feature isn’t new, it’s rarely talked about, save for confused users trying to look up whether it’s a scam. It’s a valid question, particularly in light of Facebook’s most recent security breach, wherein hackers used a bug in the platform’s code to gain access to millions of users’ accounts. Experts say the hack will likely lead to a rise in phishing attacks.

While One Click is in fact real and not a phishing scam, it is riddled with unsafe security practices, perhaps all in the name of driving Facebook user numbers.

I reached out to Facebook to ask about when One Click was launched, and why. I didn’t receive answers to those specific questions, but after sending an example of a One Click email to the company, a representative confirmed it came from the social network. The rep also pointed me in the direction of Facebook’s Security Settings page, where users can confirm whether or not Facebook has sent them an email.

That tool is a helpful one, especially since users who receive a One Click access email from Facebook are greeted by the rather suspicious-looking “ address. The email explains that Facebook has noticed the user was having trouble logging in. The note is accompanied by a button that reads: “Log In With One Click.” Click it, and the user will be automatically logged back into Facebook. (Facebook also asks users to let the company know if the unsuccessful attempt to log in did not come from them.)

Everything about the One Click method seems scammy, from the email suffix to the password-less entry.

“Sending a single-click login link via email is bad enough but also sending that email unsolicited is an extremely poor security practice,” Mark Burnett, a security consultant and author of Perfect Passwords: Selection, Protection, and Authentication, told me via email. For one, Facebook wouldn’t know if the recipient’s email address is still valid, or if other people aside from the user can access it.

Also, says Burnett, “While a single-click link may be a minimally acceptable way to login in some cases, the window for which that link is valid should be very small, measured in minutes. indicate in the emails when the link expires but it would need to be much longer than normal - possibly several days or more - to give users a chance to respond.”

Burnett says that it is rare for tech platforms to reach out to users who aren’t logging in, whether or not it’s because they forgot their password. Most login sites instead work like Tumblr, where those who can’t log in enter the email address associated with the account and request a login link via email. It’s important, Burnett says, that the user initiated the request and that the link expires fairly quickly. Facebook offers this option to locked-out users, but it seems that One Click is an alternative to the safer user-initiated model.
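The two properties Burnett asks of an emailed login link, that the user initiated the request and that the link is valid only for minutes, can be enforced on the server side as in this added example, which is not code from Facebook, Tumblr or the article. The function names, the 10-minute lifetime, the in-memory store and the single-use rule are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

LINK_TTL_SECONDS = 10 * 60            # assumption: "measured in minutes" taken as 10 minutes
SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret kept server-side
_pending = {}                         # token digest -> (email, expiry); stands in for a database


def _digest(token):
    # Store only a keyed digest, so a leaked table does not yield usable links.
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


def request_login_link(email, user_initiated, now=None):
    """Issue a login token only in response to a request the user made."""
    if not user_initiated:
        # The unsolicited case the article criticises: refuse to mint a link at all.
        raise PermissionError("login links are never sent unsolicited")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable value embedded in the emailed URL
    _pending[_digest(token)] = (email, now + LINK_TTL_SECONDS)
    return token


def redeem_login_link(token, now=None):
    """Return the account email if the token is known and unexpired, else None."""
    now = time.time() if now is None else now
    # pop() makes the link single-use (an added assumption, not stated in the article).
    entry = _pending.pop(_digest(token), None)
    if entry is None:
        return None
    email, expiry = entry
    return email if now <= expiry else None


if __name__ == "__main__":
    # Constructed sample data: a user asks for a link, then clicks it twice.
    t = request_login_link("user@example.com", user_initiated=True)
    print(redeem_login_link(t))  # account email on first click
    print(redeem_login_link(t))  # None: already used
```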