2FA-Another Facebook Headache

Category: Blog  |  Tuesday, March 5th, 2019

Doubling up on your social media security? Unfortunately, it may be working against you. On Facebook, two-factor authentication using your phone number as verification isn’t so secure.

Facebook is simply tanking in the trust department.

Two-Factor Authentication a Trap?

Sadly, the phone number you hand over to Facebook to help keep your data safe from potential hackers isn’t just being used for security. A tweet thread from Jeremy Burge, creator of Emojipedia, on Friday explained that people can find your profile from that same phone number, and you can’t opt out of that setting.

According to CNET, this comes on the heels of the last privacy violation, when Facebook said it had stopped allowing people to search for profiles by phone number. Then, all of five months later, Gizmodo found that the phone number being used for 2FA was also being provided to advertisers for targeted posts.

The bad news is: Using your phone number for two-factor authentication, or 2FA, is susceptible to hacks. 

Say what? Seriously Facebook, could you sell us out any more? Recent noteworthy Facebook finds: A personality quiz ended up giving an analytics firm in the UK personal data from you and your friends. Another security flaw allowed up to 1,500 app developers to see the photos of 6.8 million people. And now, a security feature provides a way for advertisers and strangers to find you with your phone number.


All this while lawmakers and regulatory agencies continue to question Facebook’s privacy practices.

The exploitation of users’ phone numbers with targeted advertising and searches pits security and privacy against one another. You can’t sell targeted ads on a phone number used to authenticate a user.

“If people feel like they can’t trust the tools they use when they try to do things that are good for their security, they just stop doing it,” said Jessy Irwin, head of security at blockchain company Tendermint. “There should be some things that are treated as sacred, especially when we talk about improving account security.”

The poor methodology also drew criticism from Alex Stamos, Facebook’s former chief information security officer.

Facebook “can’t credibly require 2FA for high-risk accounts without segmenting that from search & ads,” Stamos said in a tweet on Saturday.

Facebook didn’t respond to a request for comment.
