Facebook are once again in the crosshairs as it’s revealed that your profile can be located using the phone number that you provide for two-factor authentication.

Emojipedia founder, Jeremy Burge, this weekend pointed out how the phone number tied to your two-factor security method could be searched for via the Facebook user search function. Although Facebook do allow you to locate users via phone numbers that are linked to an account, it was never made explicitly clear that this included phone numbers provided only for security purposes.



Facebook does allow you to control who can search for your profile via a phone number, meaning that you can stop third-parties with no ties to you from searching for your profile. However, you cannot entirely opt-out of the ability for connected users to search for you. When you select who exactly can find your profile, you can only opt for “Everyone”, “Friends of Friends”, or “Friends”; you cannot change the option to “Nobody”.

Despite many users having been aware that you could search via phone numbers, it’s likely to come as a shock to some that you can search for friends by the phone number tied to their authentication process.

Now, some academics and other privacy experts have criticised the social media giant for making a change that could risk users’ security to a greater degree. This is bad timing for the firm, which is regularly in the spotlight after last year’s security blunders.

What is two-factor authentication?

Known by a number of names, such as two-factor authentication, two-step authentication, or just 2FA, this security method helps to protect your personal accounts with a secondary step that’s hard for hackers or thieves to crack. It typically involves a mobile phone, email account, or physical USB device. You’ll normally be send a code via email or text message, or have to verify yourself via a USB stick, in order to accompany your password in accessing an account.

Thanks to the increased protection it offers you and your personal accounts, we’d highly recommend setting up this security method on any accounts that permit it, be that social media, email, or financial.

If you have any concerns about your security, particularly when it comes to social media accounts or other websites that are hives of personal information, then speak to Which? Trusted Trader, WiseGuys. To get in touch with us, give us a call on 0808 123 2820. We can also advise you on how to go about setting up two-factor authentication on your accounts.