Facebook says it’s sorry for authentication snafu
LOS ANGELES — An engineer signed up for Facebook two-factor authentication, and the social network responded by sending him endless text notifications, ones he didn’t want.
After Gabriel Lewis posted about his woes on Twitter, Facebook responded by saying it was “looking into the situation.”
Friday afternoon, it found the answer in an apology. “I am sorry for any inconvenience these messages might have caused,” wrote Alex Stamos, Facebook’s Chief Security Officer, in a blog post. “We are working to ensure that people who sign up for two-factor authentication won’t receive non-security-related notifications from us unless they specifically choose to receive them. ... We expect to have the fixes in place in the coming days.
“To reiterate, this was not an intentional decision; this was a bug.”
In the meantime, USA TODAY has the quick, easy solution for readers, bug or no bug. Don’t give Facebook your phone number.
Two-factor authentication is recommended by security experts as a way to keep hackers away from your private networks by signing in twice. In general, you sign on with your password and then wait for an SMS text with a new code for a second sign-in.
But you can apply two-factor authentication without getting texts.
Your best bet: Download a third-party app, like Google Authenticator or Authy, which generates specific codes that you can then use for your sign-in.
Facebook also offers “Security Keys” that would let you sign in via a USB device. It’s more secure, but for most of us, returning to the days of carrying a dongle for a code would be a hassle.
Facebook notes that people who sign up for two-factor authentication using the U2F security key or code generator apps “do not need to register a phone number with Facebook.”
To add a third-party authenticator app, start by downloading it to your phone at the iTunes or Google Play stores. Then, on Facebook, go to the More tab, select Security and Login, then Two-factor Authentication. Here, Facebook offers several choices. We suggest Code Generator. Open it up, and the first time, Facebook will ask you to connect your app via a QR code and then to type in the code generated in the app. Now you’re all set up. Every time you want to re-open Facebook, you’ll be prompted to enter a code generated by the authentication app.