Unless you've been living in a cave, you've probably heard a lot over the past year about Facebook's difficulties with properly securing the personal data that you share with it. In fact, along the way, we've discovered how much Facebook can figure out about you, without you ever directly giving it any information about yourself.
From social sharing buttons that track the websites you visit, to "shadow profiles" that use data from Facebook members in your social circle to fill in the blanks on your behalf, the company's consumption and marketing of your personal details continues apace.
And according to a new report from TechCrunch, even the contact info that you give Facebook to securely log in can be used to find you on the social network -- and the company currently doesn't allow you to disable this searchability.
The issue is related to the two-factor authentication (2FA) that Facebook has been aggressively promoting for months. With this system, Facebook sends you a temporary code to confirm your identity, and it expires after about 30 seconds. In theory, since this code can only appear on the phone associated with your account, it prevents hackers from getting in even when they have (or can guess) your password.
The default setup for Facebook's 2FA asks for your phone number -- yet this same number can apparently be searched for on the social network to find your profile page. From there, a person can see whatever else is publicly viewable on that page, like where you live, who your friends and family are, and your opinions on anything that you've talked about on Facebook in the past.
Thankfully, phone numbers aren't the only way to use two-factor authentication. In fact, they're the inferior way to go about it, and not just because of Facebook's latest privacy lapse. With 2FA based on a phone number, the SMS text messages that contain your login code can be intercepted by the bad guys, or they can just fail to arrive if your connection is spotty.
The much better method is to use an app like Google Authenticator, which generates these special codes right on your phone instead. This helps to make the code more private and more accessible to you. And luckily for you, we have a whole guide on how to do that. It takes a little more setup than SMS-based 2FA, but we think it's worth the extra peace of mind.
How to change your Facebook login security settings
To change your Facebook login security settings, log in and go to your account's 2FA setup page. Click the "Get Started" button, select Authentication App on the right, click Next, open Google Authenticator (if you've chosen that for your 2FA), tap the red "+" button in the bottom right, and then "Scan a barcode." Then use your phone camera's viewfinder to view the QR code.
Putting the QR code in front of your phone's camera will automatically sync the app's code generation with Facebook's user authentication system, but you're not quite done yet. To confirm with Facebook that you're properly syncing, click Next, enter the 2FA code that your app is showing you, and then click the Next button one last time to complete the process.
- Facebook defaults to using your phone number to set up two-factor authentication, and TechCrunch reports that this phone number can be used to find you on the social network. There is no setting to disable this visibility.
- However, you can switch to using app-based authentication, which is more secure and reliable than SMS text messages anyway.