Facebook hit with criticism over handling of two-factor authentication data

Facebook hit with criticism over handling of two-factor authentication data

Facebook hit with criticism over handling of two-factor authentication data

But the recent report of Tech Crunch suggests that Facebook lets anyone to look at user profiles, and as a result, the contact number entered for the 2FA is not truly secured.

But by signing up to the feature, a user's phone number becomes linked to their profile.

During the process, the setting is available to choose from the three options whether, "everyone", "friends of friends", or "friends" can manage your phone number this way, there is no alternative to options out entirely. Even if a user changes their privacy settings so that only "friends" or "friends of friends" can browse through profile, the company's default settings automatically allow everyone on the Internet to find the profile using the phone number.

2FA or the Two-factor authentication is a security measure that requires your phone number so as to make sure that it is you who is making a log-in attempt on a different device or from a different location. By default, once your mobile number has been added to your account for two-factor authentication purposes, Facebook enables anyone to search for you using it.

Users have taken to Twitter to complain that this means Facebook has been using people's phone numbers to help them find each other when uploading their contacts - and there is no way to opt out.

Just recently, Burge, the founder of Emojipedia, noticed that the number added for 2FA security made Facebook profiles searchable, 9To5Google reported. Two-factor authentication is an important security feature, and previous year we added the option to set it up for your account without registering a phone number. Once again, Facebook was using a phone number, which users provided for security, for their own financial gain. All phone numbers entered will apparently be automatically added to a person's Facebook profile. The company uses that unique ID, since it's tied to you, and can use it to sell ads, much as it does with everything else it knows about you. After adding the number Burge was unable to hide it, and it can be searched. It also looks like Facebook isn't going to allow users to opt out as its core business is run by ads.

This isn't the first time Facebook has been accused of using 2FA numbers for more than security. In response, Facebook said this practice isn't new.

As Burge also noted in a screenshot, he never provided his number to Instagram, yet was asked to confirm it just days after providing it to Facebook via two-way authentication. Before then, a phone number was the only mandatory option.

"Using security to further weaken privacy is a lousy move-especially since phone numbers can be hijacked to weaken security".

Related news