Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Identity and Authentication Services

Some additional "Social Security"

Created: 15 Oct 2010 • Updated: 08 Aug 2012 • 4 comments
chalcon's picture
0 0 Votes
Login to vote

facebook logo.jpg

This week Facebook announced that they have begun rolling out one-time passwords (OTP) to their users as an added layer of security. Facebook is providing OTPs to help protect its users while on public computers like those at coffee shops, libraries, hotels and airports. For Facebook users looking to take advantage of this, they'll need to have a mobile phone number in their Facebook account and by texting "otp" to 32665 they will receive a one-time use password that last for 20 minutes.

For quite some time VeriSign, now part of Symantec, has been educating consumers and enterprises on the need and value of OTP. Our cloud-based VIP Authentication Service allows enterprises to secure online access and transactions and reduce fraud risk. Let's face it, a username and password provides absolutely no security but that's exactly what most people are currently using and relying on to protect their data.

A recent survey points to some interesting and somewhat scary password related statistics including:
• 4 in 10 survey respondents stated that they shared passwords with at least one person in the past year.
• Nearly as many people use the same password to log into multiple Web sites, which could expose their information on each of the sites if one of them becomes compromised.
• 2 in 10 surveyed have used a significant date, such as a birth date, or a pet's name as a password - information that's often publicly visible on social networks.
• 14 percent never change their banking password.
• 30 percent remember their passwords by writing them down and hiding them.

One thing to consider is that the Facebook OTP offering only works with Facebook. What about the other websites you visit and login to everyday? One of our goals has been to eliminate the need for multiple OTP credentials by providing a unified strong authentication token that can be used across multiple services. Our VIP Network is a great example of how one OTP credential can be utilized across a number of websites. The VIP Network Members include eBay, PayPay and Geico just to name a few.

So what does it all mean? The Facebook OTP announcement is yet another proof point that strong or two-factor authentication is not only valuable but it has become a necessity to help protect anyone logging on to a website or network that contains personal or sensitive data. Cyber criminals are out there with the simple goal of stealing your personal and/or work related information and most people are currently making it a very easy and lucrative proposition for them. Thinking that the "username and password" system provides enough protection is like thinking that a screen door on a submarine will keep the water out. Neither of the two is very safe or secure.

To download a FREE VIP mobile OTP credential for your Android®, iPhone®, Windows Mobile®, BlackBerry® handsets or most of the devices using the Java 2 Micro Edition (J2ME) and BREW platforms, click here for more details.

Comments 4 CommentsJump to latest comment

Frank Michlick's picture

Thanks for this article, I wasn't aware Facebook had released OTP, but it seems to back a lot of sense for them.

I wanted to quickly comment on something else you write though:

[...] VeriSign, now part of Symantec [...]

I was under the impression that Symantec bought the security operations and products of Verisign, but the registry operations remain running under the name of Verisign itself.

Your statement seems to imply everything became a part of Symantec, could you please clarify?

Thanks,
/Frank

-3
Login to vote
Elissa's picture

yeah! it should be implemented. There's a lot of scam cases in facebook!

-1
Login to vote
bet365 italia's picture

Good day!This was a really superb subject!
I come from milan, I was luck to seek your topic in google
Also I get much in your topic really thanks very much i will come again

+1
Login to vote
chalcon's picture

Frank,

Thanks for reading and for your comments. For clarity that should have read the "VeriSign Authentication Services, now part of Symantec" as that is the group that was acquired by Symantec. The Naming Services business was not acquired and is not a part of Symantec.

Thanks,
VIP Team

+3
Login to vote