Facebook Is Eroding Trust in Two-Factor Authentication

The latest privacy scandal goes beyond the platform

Eric Ravenscraft
OneZero

--

Photo by Thought Catalog on Unsplash

TTwo-factor authentication, 2FA for short, is billed as the best way to keep your account secure even if a hacker nabs your password. Users are told that they must — must! — enable 2FA if it’s an option, which an increasing number of websites now offer. The most popular, though least secure, 2FA uses SMS, whereby a company texts a short code to your phone number after you enter your password. This means you have to trust the company in question with your phone number in order to gain that extra bit of security. But it turns out that Facebook may not be worthy of that trust.

Last year, TechCrunch revealed that the social network abused phone numbers that users had uploaded to enable 2FA by allowing advertisers to target content against them. And this week, Emojipedia founder Jeremy Burge discovered that Facebook also allows other users to find you by typing in the phone number you uploaded for 2FA purposes. There is apparently no way to turn this feature off. If you want the added security benefit of 2FA using your phone number, you have to allow the social media giant to share that number.

The troubling revelation kicked off a week in which Mark Zuckerberg published a long essay detailing his new vision for…

--

--

Eric Ravenscraft
OneZero

Eric Ravenscraft is a freelance writer from Atlanta covering tech, media, and geek culture for Medium, The New York Times, and more.