{"id":44,"date":"2012-11-02T19:02:38","date_gmt":"2012-11-02T19:02:38","guid":{"rendered":"http:\/\/www.dynapass.com\/blog\/?p=44"},"modified":"2015-10-27T16:52:23","modified_gmt":"2015-10-27T16:52:23","slug":"facebook-removes-mobile-numbers-used-in-two-factor-authentication-from-search","status":"publish","type":"post","link":"http:\/\/www.dynapass.com\/blog\/2012\/11\/facebook-removes-mobile-numbers-used-in-two-factor-authentication-from-search\/","title":{"rendered":"Facebook Removes Mobile Numbers Used in Two-Factor Authentication from Search"},"content":{"rendered":"<p>By David Tran on November 2nd, 2012<\/p>\n<p><a href=\"http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/11\/Facebook-Login-Approval-Two-Factor-Authentication.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-47\" title=\"Facebook-Login-Approval-Two-Factor-Authentication\" alt=\"\" src=\"http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/11\/Facebook-Login-Approval-Two-Factor-Authentication-300x261.jpg\" width=\"300\" height=\"261\" srcset=\"http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/11\/Facebook-Login-Approval-Two-Factor-Authentication-300x261.jpg 300w, http:\/\/www.dynapass.com\/blog\/wp-content\/uploads\/2012\/11\/Facebook-Login-Approval-Two-Factor-Authentication.jpg 929w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a>In mid 2011, Facebook announced the incorporation of <a title=\"what is two factor authentication\" href=\"http:\/\/www.dynapass.com\/glossary\/two-factor-authentication-2fa-dual-factor-authentication\/\" target=\"_blank\">two factor authentication<\/a> using mobile devices to authenticate their users and to protect against fraud attacks.\u00a0 The service is an opt-in security feature known as \u2018Login Approvals\u2019 to Facebook users and requires users to enter a code that is sent via text message to a user\u2019s mobile phone when logging into their account from a new or unrecognized 
computer.\u00a0 Once users enter the unique code, they have the option of saving the device so that they do not see the challenge on future logins.\u00a0 This additional layer of security helps prevent unauthorized access for Facebook users.\u00a0 The majority of users rely primarily on static usernames and passwords for their accounts, which can be easily hacked and in turn can expose the personal information on their Facebook profiles, such as their personal emails, personal messages, mobile numbers, and other private data.<\/p>\n<p>Facebook\u2019s \u2018Login Approvals\u2019 is a form of two-factor authentication since it uses a user\u2019s login and password, something they know, and it sends a unique one-time pass code via SMS text message to a user\u2019s mobile device, something they have, to authenticate the user.\u00a0 The user then enters the code into the prompt to gain access to their account.<\/p>\n<p>If a Facebook user somehow loses their phone and has the \u2018Login Approvals\u2019 feature turned on, they can still access their account using a saved device which has been granted access.\u00a0 Having recognized machines helps users prevent unauthorized access, prevents lockouts, and ensures users have access to their accounts.<\/p>\n<p>Recently, Facebook removed the mobile phone numbers of users who have enabled the optional \u2018Login Approvals\u2019 from Facebook\u2019s search engine so that those mobile numbers cannot be found through a reverse lookup. 
\u00a0Previously, updates to the Facebook algorithm allowed users to enter a mobile number and see whether that mobile number was tied to a user\u2019s \u2018Login Approvals.\u2019\u00a0 This meant that if you knew someone\u2019s mobile phone number, or guessed random numbers, you could potentially find a person\u2019s identity if they linked their mobile number in Facebook\u2019s \u2018Login Approvals.\u2019\u00a0 This could have caused major security breaches if not corrected.\u00a0 This security flaw could have been abused to search through countless sequential phone numbers in order to find any Facebook profiles associated with them.<\/p>\n<p>Facebook has disabled this reverse-lookup feature for users that use their mobile phone to authenticate a login, but reverse lookup is still enabled for all other users who display their phone numbers publicly.\u00a0 The new restriction only applies to mobile phone numbers used for two-factor authentication and not every phone number added by users in the \u2018Contact Info\u2019 section of their profile pages.<\/p>\n<p>\u2018Login Approvals\u2019 is still a strong security feature which helps protect users against unauthorized access and prevents account abuse in cases where a user\u2019s password is compromised.\u00a0 Facebook is developing a new system that will allow users to decide whether they want to make their mobile numbers used in \u2018Login Approvals\u2019 searchable; the current search restriction for \u2018Login Approvals\u2019 is temporary until that new system is implemented.\u00a0 Similar features on other websites require users to download authentication software or apps, or to purchase physical tokens, to act as the second factor, which demands a lot from users before they can turn on the security feature. 
\u00a0We believe that Facebook has decided to use a two-factor authentication system using mobile devices because it is easy to implement, cost effective, and only requires users to have their mobile phone to authenticate them.\u00a0 Facebook users can enable \u2018Login Approvals\u2019 from the \u2018Account Security\u2019 section of the account settings page.\u00a0 If you have a Facebook account, you may want to consider enabling this feature to increase security of your account and decrease unauthorized access.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By David Tran on November 2nd, 2012 In mid 2011, Facebook announced the incorporation of two factor authentication using mobile devices to authenticate their users and to protect against fraud attacks.\u00a0 The service is an opt-in security feature known as \u2018Login Approvals\u2019 to Facebook users and requires users to enter a code that is sent [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[11,6,9],"class_list":["post-44","post","type-post","status-publish","format-standard","hentry","category-two-factor-authentication","tag-facebook-login-approval","tag-it-security","tag-two-factor-authentication-2"],"_links":{"self":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts\/44","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/comments?post=44"}],"version-history":[{"count":16,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts\/44\/revisions"}],"predecessor-version":[{"id":142,"href":"
http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/posts\/44\/revisions\/142"}],"wp:attachment":[{"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/media?parent=44"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/categories?post=44"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.dynapass.com\/blog\/wp-json\/wp\/v2\/tags?post=44"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}