Facebook Chief Security Officer Alex Stamos apologized for spam texts that were incorrectly sent to users who had activated two-factor authentication. The company is working on a fix, and you won’t receive non-security-related text messages if you never signed up for those notifications.
Facebook says it was a bug. But calling it a bug is a bit too easy — it’s a feature that was badly implemented, as it’s clear that Facebook has been treating all phone numbers the same way. It doesn’t matter if you add your phone number for security reasons or to receive notifications. Facebook put them all in the same bucket. It’s poor design, not a bug.
“It was not our intention to send non-security-related SMS notifications to these phone numbers, and I’m sorry for any inconvenience these messages might have caused,” Stamos wrote. “We’re working to ensure that people who sign up for two-factor authentication won’t receive non-security-related notifications from us unless they specifically choose to receive them, and the same will be true for those who signed up in the past. We expect to have the fixes in place in the coming days. To reiterate, this was not an intentional decision; this was a bug.”
And yet, this is particularly bad because it creates a bad narrative around two-factor authentication. While Facebook lets you use a code generator mobile app or a U2F USB key, many people rely on text messages for two-factor authentication. It’s a second layer of security so that strangers who have your password can’t connect without the second factor.
Everyone should enable two-factor authentication. But people might hesitate now that they know Facebook has used a security feature to improve engagement in the past. I’d recommend turning it on with a code generator.
Does it mean tech publications shouldn’t have shared this information? Of course not (and I’m looking at you, former Facebook security engineer Alec Muffett). If nobody had written about the issue, Facebook would still be spamming users and sharing great engagement numbers in its quarterly earnings release.
The fact that Facebook poorly implemented a security feature is… Facebook’s fault.
In addition to that, Facebook is also disabling posting to Facebook via text messages altogether. Earlier this week, a tweet went viral as Gabriel Lewis tried disabling these text notifications and ended up sharing posts on Facebook.
The company says that this feature may have been useful at some point when smartphones were less popular, but there’s no reason to keep it around now.