So you have a very strong password, have paired your mobile phone with your account using two-factor authentication, and think, “Whoa, I am so secure, they would have to steal my phone to get into my account.” It turns out that the same two-factor authentication can land you in big trouble.
A newly reported loophole in phone-based two-factor authentication can let someone take over a Facebook account without ever knowing the password.
The problem occurs when a user changes mobile numbers and forgets to remove the old number from the security section of their Facebook account.
“Normally users just pair their new number with their Facebook account without bothering to disable the old number,” said Waqas Shehzad, a Peshawar-based Internet security expert.
When telecom companies resell such old phone numbers, the new owner can recover the Facebook account still paired with the number, because the security code is sent by SMS to that number. Facebook treats receipt of the code as proof that the person owns the number, and once the number has been resold that proof belongs to a stranger. No password is needed. Even worse, Facebook then allows them to change the password.
How do I secure myself against this flaw?
It is quite easy. Remove every number paired with your account that you no longer use: go to Settings, then click Mobile on the left-hand side of the screen. Do this as soon as you change numbers, before the old one can be reassigned to someone else.
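To make the mechanism concrete, here is a small model of the recovery flow described above and of the fix, written for this article rather than taken from Facebook. The carrier registry, the account service, the usernames and the phone numbers are all constructed for the illustration; what it shows is that the SMS code only proves who holds the number today, so a stale number lets its new owner reset the password, while removing that number from the account closes the hole.

```python
"""Model of SMS-based account recovery over a recycled phone number.

Added illustration, not Facebook's code: the account store, the carrier
registry, the people and the phone numbers are hypothetical, constructed
to show why a stale number linked to an account lets the number's new
owner reset the password, and why removing unused numbers prevents it.
"""
import secrets


class Carrier:
    """Maps phone numbers to whoever currently holds them (constructed data)."""

    def __init__(self):
        self.owner = {}  # number -> current holder (person name)
        self.inbox = {}  # person -> list of SMS texts received

    def assign(self, number, person):
        """Issue (or reissue) a number; the previous holder loses it."""
        self.owner[number] = person

    def send_sms(self, number, text):
        """Deliver to whoever holds the number now, not to whoever had it before."""
        holder = self.owner.get(number)
        if holder is None:
            raise ValueError("number not in service")
        self.inbox.setdefault(holder, []).append(text)


class AccountService:
    """Account store with phone-based recovery (hypothetical service)."""

    def __init__(self, carrier):
        self.carrier = carrier
        self.accounts = {}  # username -> {"password": str, "phones": set}
        self.pending = {}   # username -> outstanding one-time recovery code

    def register(self, username, password, phone):
        self.accounts[username] = {"password": password, "phones": {phone}}

    def add_phone(self, username, phone):
        self.accounts[username]["phones"].add(phone)

    def remove_phone(self, username, phone):
        """The 'Settings > Mobile' clean-up the article recommends."""
        self.accounts[username]["phones"].discard(phone)

    def linked_phones(self, username):
        return sorted(self.accounts[username]["phones"])

    def start_recovery(self, username, phone):
        """'Forgot password': text a code to any number linked to the account."""
        if phone not in self.accounts[username]["phones"]:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = code
        self.carrier.send_sms(phone, f"Your recovery code is {code}")
        return True

    def finish_recovery(self, username, code, new_password):
        """Presenting the SMS code is all it takes to set a new password."""
        if self.pending.get(username) != code:
            return False
        del self.pending[username]
        self.accounts[username]["password"] = new_password
        return True

    def login(self, username, password):
        return self.accounts[username]["password"] == password


def latest_code(carrier, person):
    """Read the recovery code out of a person's most recent SMS."""
    return carrier.inbox[person][-1].split()[-1]


def takeover_succeeds(stale_number_removed):
    """Replay the scenario; True if the number's new holder gets into the account."""
    carrier = Carrier()
    svc = AccountService(carrier)
    old, new = "+92-300-0000001", "+92-300-0000002"  # constructed numbers
    carrier.assign(old, "alice")
    svc.register("alice", "correct horse battery staple", old)

    # Alice changes number and links the new one; the old one stays linked
    # unless she removes it herself.
    carrier.assign(new, "alice")
    svc.add_phone("alice", new)
    if stale_number_removed:
        svc.remove_phone("alice", old)

    # The carrier resells the old number to Mallory.
    carrier.assign(old, "mallory")

    # Mallory runs password recovery for Alice's account using the old number.
    if not svc.start_recovery("alice", old):
        return False  # number no longer linked: no code is sent
    code = latest_code(carrier, "mallory")  # the SMS landed in Mallory's inbox
    svc.finish_recovery("alice", code, "mallory-owns-this-now")
    return svc.login("alice", "mallory-owns-this-now")


if __name__ == "__main__":
    print("stale number left linked ->", takeover_succeeds(False))   # True
    print("stale number removed     ->", takeover_succeeds(True))    # False
```

The model deliberately gives the recovery flow nothing but the SMS code to check, which is the behaviour the article describes; the only defence it exercises is the user-side one the article recommends, removing the old number before the carrier can reissue it.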
Also make sure notifications are enabled so that you are alerted whenever there is unusual activity on your Facebook account.
Stay vigilant, and don’t take your security lightly: your privacy is at stake.