Experts: Facebook’s One-Click Login Is A Major Security Risk

Have you ever forgotten your Facebook password? If you have, there’s a good chance you received an email from the company featuring its One Click login feature. It’s not widely known, but Facebook sometimes sends an email to dormant users that lets them log back in to their accounts with one click — and no real security measures. And, according to experts, that could create serious issues.

Many users are confused by these emails, which appear to be sent from a suspicious source. (They arrive from an email address named “”.) And while these communications aren’t an actual scam, they do pose a security risk. For instance, it’s unclear when the One Click link expires, and experts advise this sort of reset expires within minutes. There’s also no way for Facebook to know if the email address they have on file is still valid, or if someone else could have access to the account. All in all, experts say, the practice violates a host of common-sense privacy measures.

“Sending a single-click login link via email is bad enough but also sending that email unsolicited is an extremely poor security practice,” security consultant Mark Burnett told The Ringer. “These emails go against all of the best practices we in the security industry have for years tried to instill in companies.”

It makes sense that Facebook wants to reengage users who have stopped logging in to the platform, but there has to be a better — and safer — way than this.

Recommended Resources

bitdefender Bitdefender 2019 solutions stop attacks before they even begin. Try 90 days free of Bitdefender Total Security 2019

PIAPrivate Internet Access is an award-winning, cost-effective VPN solution. The use of an anonymous and trusted VPN is essential to your online privacy, security and identity protection.

System Mechanic 14 – Make your computer run like new. Winner of 200+ Editor’s Choice awards!

Facebook Backtracks On Privacy Promises For Portal Device Previous post Facebook Backtracks On Privacy Promises For Portal Device Facebook Reportedly Wants To Buy A Cybersecurity Firm Next post Facebook Reportedly Wants To Buy A Cybersecurity Firm