Facebook removes two-factor authentication mobile numbers from search
Mobile phone numbers used for Facebook's 'Login Approvals' account security feature are no longer searchable through the website
IDG News Service - Facebook users who have associated a mobile phone number with their accounts in order to enable the "Login Approvals" security feature can no longer be found on the website based on those phone numbers, the company said Monday.
Facebook's search system provides reverse lookup functionality that allows users to find other people on the website by searching for their phone numbers or email addresses instead of their names.
"As we constantly iterate on our security tools to better protect our users, we have disabled the reverse lookup functionality for those using Login Approvals until we can provide new systems to make this functionality optional," a Facebook spokeswoman said Monday via email.
Facebook "Login Approvals" is a two-factor authentication feature that requires users to input special codes sent to their mobile phones in addition to their regular passwords when attempting to authenticate from a new device. The feature is designed to prevent account abuse in cases where the user's password is compromised.
The new restriction only applies to mobile phone numbers used for two-factor authentication, not every phone number added by users in the "Contact Info" section of their profile pages, the Facebook spokeswoman said.
Last week, Facebook limited the rate at which phone numbers can be searched on its mobile website in order to block a phone-number harvesting method disclosed by a security researcher.
Suriya Prakash, an independent security researcher from India, publicly reported on Oct. 5 that Facebook's reverse lookup feature can be abused to search for thousands of sequential phone numbers in order to find any Facebook profiles associated with them.
Users can associate multiple phone numbers with their Facebook accounts and can specify if they should be visible to the general public, their friends or only to themselves. However, restricting who can find them on the website by searching for those phone numbers is done from a different option under "Privacy Settings" > "How You Connect" > "Who can look you up using the email address or phone number you provided."
The default setting for this option is "Everyone," but it can be changed to "Friends" or "Friends of Friends." There is no option to disable it completely.
The search restriction for "Login Approvals" phone numbers is temporary and the company is working on implementing a system that will allow users to decide if they want to make them searchable. However, the company did not clarify whether the upcoming system will allow users to prevent other people from finding them based on any of the phone numbers they added to their profiles.
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- AIIM Trendscape: The New Mobile Reality This AIIM Trendscape report shares data, expert opinions, and a unique perspective on the impact of cloud and mobility in the enterprise, surfacing...
- Empowering Your Mobile Workers A modern mobile IT strategy is no longer an option, it is an absolute necessity. Here's how some of the nation's most progressive...
- Why do you need an enterprise mobile platform? Today companies must offer great apps that run on a range of devices, and connect to an exploding set of backend data. Appcelerator...
- Technology for Everyone A Kansas school district modernizes teaching and learning and paves the way to a one-to-one program with a comprehensive upgrade of its wireless... All Mobile/Wireless White Papers | Webcasts