2FA-Another Facebook Headache

Category: Blog | Tuesday, March 5th, 2019

Doubling up on your social media security? Unfortunately, it may be working against you. On Facebook, two-factor authentication using your phone number as verification isn’t so secure.

Facebook is simply tanking in the trust department.

Two-Factor Authentication a Trap?

Sadly, the phone number you hand over to Facebook to help keep your data safe from potential hackers isn’t just being used for security. A tweet thread from Jeremy Burge, creator of Emojipedia, on Friday explained that people can find your profile from that same phone number, and you can’t opt out of that setting.

According to CNET, this comes on the heels of the last privacy violation, when Facebook said it stopped allowing people to search for profiles by phone numbers, and then all of five months later Gizmodo found that the phone number being used for 2FA was also being provided to advertisers for targeted posts.

The bad news is: Using your phone number for two-factor authentication, or 2FA, is susceptible to hacks. 

Say what? Seriously Facebook, could you sell us out any more? Recent noteworthy Facebook finds: A personality quiz ended up giving an analytics firm in the UK personal data from you and your friends. Another security flaw allowed up to 1,500 app developers to see the photos of 6.8 million people. And now, a security feature provides a way for advertisers and strangers to find you with your phone number.


All this while lawmakers and regulatory agencies continue to question Facebook’s privacy practices.

The exploitation of users’ phone numbers with targeted advertising and searches pits security and privacy against one another. You can’t sell targeted ads on a phone number used to authenticate a user.

“If people feel like they can’t trust the tools they use when they try to do things that are good for their security, they just stop doing it,” said Jessy Irwin, head of security at blockchain company Tendermint. “There should be some things that are treated as sacred, especially when we talk about improving account security.”

The poor methodology also drew criticism from Alex Stamos, Facebook’s former chief information security officer.

Facebook “can’t credibly require 2FA for high-risk accounts without segmenting that from search & ads,” Stamos said in a tweet on Saturday.

Facebook didn’t respond to a request for comment.

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football. Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.