Indian Users Face Security Risk on Facebook

Rohin Dharmakumar
Updated: Aug 30, 2012 06:55:10 PM UTC

Update: @prsng on Twitter pointed out that Facebook users in other countries too were missing two-factor authentication. So it does look like a more widespread issue.

In May 2011 Facebook announced that it was introducing "two-factor authentication" for its users.

Two-factor authentication is an added security feature that uses a second 'factor' to validate a user's credentials by (usually) relying on a physical device only she possesses. Online banking users know this as the 'one time passwords' that are sent to their mobile phones to confirm a transaction.

But Forbes India has discovered that the feature has been deactivated for most of Facebook's 46 million users in India, the country with the third highest number of users for the social networking service after the US and Brazil.

In doing so Facebook has not only put millions of its Indian users at a higher risk of getting their accounts compromised to hacking or phishing attacks, it also is going against the trend among other technology companies.

For instance on August 27th Dropbox, the wildly popular online file storage service announced that it was introducing "two-factor authentication" for its users after the embarrassing incident in July when hackers managed to get access to a number of Dropbox usernames and passwords, including an employee too.

Many of Facebook's peers have also introduced two-factor authentication, like Google in February 2011 and Yahoo! in December 2011.

But as hacking incidents have become more severe and frequent over the last few years, over 100 million passwords have been compromised globally according to this exhaustive article at Ars Technica.

So it's intriguing that Facebook would turn the clock back for its Indian users on what is now considered an essential security measure.

Facebook sources would not comment on record on the reasons behind their move, but hinted at issues with SMS delivery in India being the culprit.

Now most 'B2C' (when a business wants to message a consumer) SMS delivery is done through intermediaries like ValueFirst, ACL Mobile, Air2Web and SMSGupshup.

These intermediaries charge businesses anywhere from 1-2 paisa per SMS in case of 'transactional' messages and between 6-10 paisa for 'promotional' ones. An industry expert who did not want to comment on record said the bulk of Facebook's messaging in India was being done through SMSGupshup and Tata Teleservices.

The same source also wondered why Facebook would be facing issues around SMS delivery when practically no other major business, from banks to technology companies like Google and Yahoo!, are reporting any such thing.

Even if SMS delivery were indeed the case, it still doesn't explain why Facebook's alternative method to make two-factor authentication work, the 'Code Generator' feature within it's Android app, also does not work for Indian users?

Facebook couldn't provide a reason why even 'Code Generator' wasn't working in India.

The thoughts and opinions shared here are of the author.

Check out our end of season subscription discounts with a Moneycontrol pro subscription absolutely free. Use code EOSO2021. Click here for details.

Post Your Comment
Required
Required, will not be published
All comments are moderated