Facebook’s two-factor authentication puts security and privacy at odds (cnet.com).
First: The phone number you give to Facebook to help keep your account safe from potential hackers isn’t just being used for security. A tweet thread from Jeremy Burge, founder of Emojipedia, on Friday showed that people can find your profile from that same phone number, and you can’t opt out of that setting.
And following up on it being found that 2FA was also being provided to advertisers on the platform for targeted posts. For sure, and you thought you could trust those social rascals with your phone number. Add to that that it’s been found that 2FA by SMS is susceptible to hacks and, well…
While using phone numbers for 2FA is better than having no security at all, it’s not as secure as using an authenticator app or a security key.
Which, with hackers able to intercept text messages containing your PIN code when you try logging in is why Google began shifting its 2FA method to its authenticator app instead, meaning you don’t need to use your phone number for that security feature anymore. And isn’t that a shame for the ad revenue purposes Fidiotbook was using it for incidentally.
SMS-based two-factor authentication is not safe—consider these alternative 2FA methods instead (kaspersky.co.uk, Oct. 2018).
Recent/related stories
- Leaked documents reveal Facebook used manipulative global lobbying to avoid regulation (Latest Picks 2nd March 2019)
- Germany rules Facebook needs to change the way it gathers data (Latest Picks 7th February 2019)
- Secretary of State for Health and Social Care Matt Hancock threatens to ban social media over teen’s suicide—and possibly bruised ego he is still baring (Blog 28th January 2019)