Facebook simplifies Android SMS verification
Facebook has rolled out a new system aimed to make logins easier for its users and, by extension, its ad partners. The latest developer Account Kit SDK now includes instant verification, a two factor system that lets you skip the usual drill of receiving an SMS and then entering a code. When you attempt a Facebook login for a third-party site and enter your phone number, “we attempt a match with the verified phone number listed on the person’s Facebook profile,” the company said in its developer blog.
The system only works if you’re logged into the Android Facebook app on the same device. If so, it can verify without sending a one-time password via SMS, and if not, you’ll receive a text on your smartphone and will need to enter it on the other device. “This feature is used only to improve the verification process in a secure way and no additional Facebook information is shared with the app,” the social network adds.
Instant verification produces a 97 percent conversion rate, making it highly likely that users will successfully log in to partner sites. Facebook ads that it’s particularly useful “in areas of the world where SMS delivery is not reliable.” Citing partner Familonet, it says the instant verification method boosted conversion rates by five percent.
That’s a nice convenience for Facebook’s users and partners, but is it secure? Instant verification still relies on SMS, which isn’t exactly a panacea, as the US government recently said. The alternative is custom apps that generate much more secure codes like Google’s Authenticator, or even hardware dongles that work in a similar way. For now, it’s still the best bet for keeping you secure, along with a non-terrible password.