Facebook removes two-factor authentication mobile numbers from search
Mobile phone numbers used for Facebook's 'Login Approvals' account security feature are no longer searchable through the website
IDG News Service - Facebook users who have associated a mobile phone number with their accounts in order to enable the "Login Approvals" security feature can no longer be found on the website based on those phone numbers, the company said Monday.
Facebook's search system provides reverse lookup functionality that allows users to find other people on the website by searching for their phone numbers or email addresses instead of their names.
"As we constantly iterate on our security tools to better protect our users, we have disabled the reverse lookup functionality for those using Login Approvals until we can provide new systems to make this functionality optional," a Facebook spokeswoman said Monday via email.
Facebook "Login Approvals" is a two-factor authentication feature that requires users to input special codes sent to their mobile phones in addition to their regular passwords when attempting to authenticate from a new device. The feature is designed to prevent account abuse in cases where the user's password is compromised.
The new restriction only applies to mobile phone numbers used for two-factor authentication, not every phone number added by users in the "Contact Info" section of their profile pages, the Facebook spokeswoman said.
Last week, Facebook limited the rate at which phone numbers can be searched on its mobile website in order to block a phone-number harvesting method disclosed by a security researcher.
Suriya Prakash, an independent security researcher from India, publicly reported on Oct. 5 that Facebook's reverse lookup feature can be abused to search for thousands of sequential phone numbers in order to find any Facebook profiles associated with them.
Users can associate multiple phone numbers with their Facebook accounts and can specify if they should be visible to the general public, their friends or only to themselves. However, restricting who can find them on the website by searching for those phone numbers is done from a different option under "Privacy Settings" > "How You Connect" > "Who can look you up using the email address or phone number you provided."
The default setting for this option is "Everyone," but it can be changed to "Friends" or "Friends of Friends." There is no option to disable it completely.
The search restriction for "Login Approvals" phone numbers is temporary and the company is working on implementing a system that will allow users to decide if they want to make them searchable. However, the company did not clarify whether the upcoming system will allow users to prevent other people from finding them based on any of the phone numbers they added to their profiles.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Privacy White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!