Users Fuming at Facebook's SMS-Based Two-Factor Authentication System

Posted: February 22, 2018

When security specialists talk to users, they often encourage them to secure their social media accounts with two-factor authentication (2FA). 2FA works by requiring an additional code at login to verify that it's really you. In Facebook's case, this code can be generated by a dedicated USB security key, provided by a dedicated 2FA app, or sent as an SMS by Facebook itself.

Users are often reluctant to give big tech companies like Facebook their mobile phone numbers because of privacy concerns. For a while now, security experts have argued that if you enable SMS-based 2FA, the social networks won't use your number for anything other than keeping your account safe. They're now forced to eat humble pie.

Gabriel Lewis, a software engineer, was the first person to share his experience with Facebook's 2FA system. He opted for SMS-based authentication, thinking he'd only receive texts when he (or someone else) tried to log into his Facebook account. At some point in late January, however, he also started receiving notifications about what his friends were sharing. This, he says, is something he never agreed to.

Worse still, when he tried to stop the annoying texts by replying to the SMS with "DO NOT TEXT ME," his reply automatically ended up on his personal timeline.

Quite a few people saw Lewis' Twitter thread and tried it for themselves. They all realized that the software engineer isn't the only one affected by this. Gizmodo's Kate Conger reported that she's actually had the problem for a while now, and she also said that the number of texts has increased over the last few months.

A couple of questions pop up immediately: "Can Facebook's text messages be classified as spam?" and (this one is a true classic) "Is it a bug or a feature?"

The first one is pretty straightforward. All the people who tried Facebook's 2FA system say that they were never informed about the forthcoming barrage of notifications. In that respect, while you might actually be interested in what your uncle has shared, the texts can still be classified as "unwanted" and therefore as spam.

The second question is a bit trickier. When The Verge asked Facebook about it, a representative said that the company is "looking into this situation", which is what most organizations say when they're dealing with a bug. Then again, security specialists and privacy advocates argue that these things don't happen by accident, and that Menlo Park's accountants and PR people are simply trying to win some users back.

If that's the case, there are definitely better ways to do it, and Mark Zuckerberg's people should know it.

What happened certainly isn't good for Facebook's reputation. Worse still, people sitting on the fence about 2FA as a whole could be pushed the wrong way. And they shouldn't be. There are other ways of making the system work without giving your phone number away. Be sure to check out the rest of the options and save yourself a ton of headaches by enabling two-factor authentication not just on Facebook, but on all the services that provide it.