Facebook didn’t mean to send spam texts to two-factor authentication users


Facebook Chief Security Officer Alex Stamos apologized for spam texts that were wrongly sent to users who had activated two-factor authentication. The company is working on a fix, and you won’t receive non-security-related text messages if you never signed up for those notifications.

Facebook says it was a bug. But calling it a bug is a bit too easy: it’s a feature that was badly implemented, as it’s clear that Facebook has been treating all phone numbers the same way. It doesn’t matter if you add your phone number for security reasons or to receive notifications. Facebook put all of them in the same bucket. It’s bad design, not a bug.

“It was not our intention to send non-security-related SMS notifications to these phone numbers, and I am sorry for any inconvenience these messages might have caused,” Stamos wrote. “We are working to ensure that people who sign up for two-factor authentication won’t receive non-security-related notifications from us unless they specifically choose to receive them, and the same will be true for those who signed up in the past. We expect to have the fixes in place in the coming days. To reiterate, this was not an intentional decision; this was a bug.”

And yet, this is quite bad as it creates a bad narrative around two-factor authentication. While Facebook lets you use a code generator mobile app or a U2F USB key, many people rely on text messages for two-factor authentication. It’s a second layer of security so that strangers who have your password can’t connect without a second factor.

Everyone should enable two-factor authentication. But people might hesitate now that they know Facebook has used a security feature to improve engagement in the past. I’d recommend turning it on with a code generator.

Does it mean tech publications shouldn’t have shared this information? Of course not (and I’m looking at you, former Facebook security engineer Alec Muffett). If nobody had written about the issue, Facebook would still be spamming users and sharing good engagement numbers in its quarterly earnings release.

The fact that Facebook poorly implemented a security feature is… Facebook’s fault.

In addition to that, Facebook is also disabling posting to Facebook via text messages altogether. Earlier this week, a tweet went viral as Gabriel Lewis tried disabling those text notifications and ended up sharing posts on Facebook.

The company says that this feature might have been useful at some point when smartphones were less popular, but there’s no reason to keep it around now.
