Facebook removes two-factor authentication mobile numbers from search
Mobile phone numbers used for Facebook's 'Login Approvals' account security feature are no longer searchable through the website
IDG News Service - Facebook users who have associated a mobile phone number with their accounts in order to enable the "Login Approvals" security feature can no longer be found on the website based on those phone numbers, the company said Monday.
Facebook's search system provides reverse lookup functionality that allows users to find other people on the website by searching for their phone numbers or email addresses instead of their names.
"As we constantly iterate on our security tools to better protect our users, we have disabled the reverse lookup functionality for those using Login Approvals until we can provide new systems to make this functionality optional," a Facebook spokeswoman said Monday via email.
Facebook "Login Approvals" is a two-factor authentication feature that requires users to input special codes sent to their mobile phones in addition to their regular passwords when attempting to authenticate from a new device. The feature is designed to prevent account abuse in cases where the user's password is compromised.
The new restriction only applies to mobile phone numbers used for two-factor authentication, not every phone number added by users in the "Contact Info" section of their profile pages, the Facebook spokeswoman said.
Last week, Facebook limited the rate at which phone numbers can be searched on its mobile website in order to block a phone-number harvesting method disclosed by a security researcher.
Suriya Prakash, an independent security researcher from India, publicly reported on Oct. 5 that Facebook's reverse lookup feature can be abused to search for thousands of sequential phone numbers in order to find any Facebook profiles associated with them.
Users can associate multiple phone numbers with their Facebook accounts and can specify if they should be visible to the general public, their friends or only to themselves. However, restricting who can find them on the website by searching for those phone numbers is done from a different option under "Privacy Settings" > "How You Connect" > "Who can look you up using the email address or phone number you provided."
The default setting for this option is "Everyone," but it can be changed to "Friends" or "Friends of Friends." There is no option to disable it completely.
The search restriction for "Login Approvals" phone numbers is temporary and the company is working on implementing a system that will allow users to decide if they want to make them searchable. However, the company did not clarify whether the upcoming system will allow users to prevent other people from finding them based on any of the phone numbers they added to their profiles.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts