Facebook forces you to expose your phone number to the whole world in order to turn on two-factor authentication


Originally published at: https://boingboing.net/2019/03/05/privacy-security-choose-1.html


It definitely used to be required to provide a phone # for 2FA, but after I read about the whole kerfuffle this week I went ahead and removed my phone number (which disabled 2FA) and then went and set it up again using only my authentication app. It looks like my phone # is no longer associated with 2FA. So unless I’m mistaken, I don’t think this is a forced requirement anymore. Correct?


This is just evil. smdh

Oh and don’t forget to share this on FB!



Your account is still verified with the phone number. And they’re storing it, although it may or may not be searchable at this point. If you were to set up a new account and tried to enable an authenticator app it would refuse until you provided a phone number and verified.

The phone verification isn’t for your security (SMS is terribad for this purpose), it’s to make life more difficult for spammers by requiring them to get “real” phone numbers for verification. You can’t use a VoIP number either, those numbers are flagged as such and will be rejected for authentication.


Facebook does not have my phone number. The day they ask for it is the day I delete Facebook. It’s teetering on the edge, as it’s a convenint way to send pics of the kids to extended family.


When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

‘This isn’t a mistake now, this is clearly an intentional product choice’ says ex-CSO Stamos


1 Like
closed #8

This topic was automatically closed after 5 days. New replies are no longer allowed.