Application security, Compliance Management, Privacy

Facebook 2FA no longer requires a phone number

Facebook has unveiled a new and less intrusive method for its users to set up two-factor authentication for their accounts by eliminating the need to register a phone number.

Facebook has two-factor authentication in place and will continue to offer users the choice of using a phone number as the second factor, but going forward a second choice has been added to the process that asks if the person would like to use the Google Authenticator or Duo Mobile apps on desktop and mobile to receive a login code.

That login code is then used as the second authenticator in the Facebook login process. Two-factor authentication can be set up from a user's settings page.

Facebook user account and login data has been compromised several times over the last few years. In April social media data aggregation firm LocalBlox left an AWS bucket misconfigured revealing 48 million records gleaned from publicly available data on Facebook, LinkedIn and Twitter profiles. Facebook CEO Mark Zuckerberg told his customers that most Facebook users should assume their public data has already been scraped from their profiles through the illicit use of the site's search and account recovery tool, which has since been removed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.