Facebook’s one click login isn’t that safe at all
So the other day I was checking my email at work and noticed that Facebook had logged me out because I had cleared my history, cache, browsing sessions, etc.
The next thing I knew, Facebook had sent me an email asking me to log in with one click. Just one click.
Next I did exactly that and noticed that I didn't even have to input my password, and it worked ASAP, except that I needed to enter the 6-digit code from my 2-factor app.
Other than that, it proceeded as in the screenshot below, which can be a risk.
The "save browser" option basically remembers your computer, a bit like Microsoft's "don't ask me on this computer again" or Steam's friendly PC name, which also remembers your PC.
The problem is that once you hit "save browser" and continue, you're telling Facebook to remember that PC, unless you are in a different location or have cleared your cookies so that they no longer remember you. That means that without 2-factor, anybody who has access to your email can simply log in to your Facebook with one click.
With that being said, that person may be able to change your email, change your password, message random people, and add an extra recovery email so they can log in if they fail to guess your password.
And the question is: why did Facebook even add this feature in the first place?