Facebook users searchable by phone number for two-factor authentication – reports

Kyle Chua
You can limit who can look you up, but you can’t opt out of the feature entirely

MANILA, Philippines – Facebook has once again come under fire for allowing users to be searchable using their mobile numbers without including an option to disable the feature.

Although the feature is not new, it was only brought to attention last weekend by a tweet from emoji historian Jeremy Burge, who pointed out that the mobile number you provide for your two-factor authentication (2FA) is the one that people can look you up with.

Facebook’s 2FA makes it harder for hackers to hack into your account by texting a security code that you need to enter along with your login credentials.

However, this recent discovery has people thinking that the extra security is not worth one’s privacy.

“I can no longer keep private the phone number that I provided only for security to Facebook. Zero notification of this major, risky change,” security researcher Zeynep Tufekci tweeted. “For years I urged dissidents at risk to use 2FA on Facebook. They were afraid of this.”

Anyone on Facebook can search for you using your number by default, but you can limit it to friends of friends or just your friends.

There’s currently no way to disable the feature entirely. Facebook refused to share whether they would add the option to do so in the future, as reported by .  

Burge added that your number is shared between all Facebook-owned platforms including Instagram, Messenger, and WhatsApp.

A Facebook spokesperson, meanwhile, told CNN that the feature is supposed to make it easier to find people you know that aren’t your friends yet on the platform yet by simply uploading your mobile phone contacts or sending them your number.

Last year, Facebook admitted that the mobile numbers users entered in their Facebook two-factor authentication became targetable by advertisers.

You can at least still use two-factor authentication without providing your mobile number as Facebook last year allowed the security feature to be set-up using third-party apps such as Google Authenticator and Duo Security. – Rappler.com