Facebook has finally introduced two-factor authentication (2FA) for users who are not willing to share their phone numbers. Instead of giving away such highly sensitive personal details, users can now use Facebook’s 2FA with authenticator apps, through which they will receive the second authentication factor.
More about Two-Factor Authentication
Also known as 2FA or 2-step verification, it is a technology that has been around for quite some time. Patented in 1984, 2FA provides identification of users based on the combination of two different components. During the last few years, 2FA has been regarded as a secure way of user identification.
The change was announced by Facebook’s product manager Scott Dickens:
We previously required a phone number in order to set up two-factor authentication, to help prevent account lock-outs. Now that we have redesigned the feature to make the process easier to use third-party authentication apps like Google Authenticator and Duo Security on both desktop and mobile, we are no longer making the phone number mandatory.
Interestingly, NIST (National Institute of Standards and Technology) is not recommending the use of SMS-based 2FA, as this method has proven vulnerable to malicious attacks.
Furthermore, in 2016, researchers were able to prove that 2FA is not as secure as previously thought. Various types of social engineering can easily trick the user into confirming their authentication codes. How could this be done? According to Nasir Memon, Computer Science professor at Tandon School of Engineering, the crook would simply need to ask the user for the official verification code.
How? By sending a second, falsified text message or email asking the user to forward the original one. Prof. Memon has seen this happen multiple times. This type of 2FA is mostly used across the Internet to verify the identity of a user
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/facebook-2fa-authenticator-apps/