Facebook can now send a temporary account password to your mobile phone, for when you're on an untrusted computer. It's a nice idea, but dangerous for the millions of Facebook users who don't know about it.
Facebook's new "One Time Password" feature, announced this afternoon, is actually pretty cool, at least in concept. The idea is to allow people to use shared internet kiosks more securely by texting them a password that expires after 20 minutes. That way, even if the kiosk is infected with software recording the passwords you enter, nothing useful can be harvested from it. The trouble is, anyone who finds your cell phone, say in a bar, has an easy way to get access to your Facebook account. The solution is to unlink your cell phone from your account as soon as it's lost, but you'll only do that if you know this new password-to-phone feature exists in the first place. Which is why Facebook should probably being spreading the word more aggressively than with a single blog post.