Facebook two-factor authentication spam text was result of a bug. Chief Security Officer of Facebook, Alex Stamos has apologized for spam texts sent incorrectly to users who had activated two-factor authentication.

Facebook is working on a fix, and you would not be receiving non-security-related text messages if have you never signed up for those very notifications.

The company says it was a bug. But it is bit too easy to call it a bug is — it is a feature which was badly implemented as it is clear that Facebook has been treating all the phone numbers the same way.

It does not matter if you like adding your phone number for security reasons or for receiving notifications. Facebook does put all of them in the same bucket. It is due to poor design, not it is a bug.

Must Read: To be fully manufactured in India, Redmi Note 5 & Note 5 Pro will be launched on 22 Feb

Stamos writes, “It was not our intention to send non-security-related SMS notifications to these phone numbers, and I am sorry for any inconvenience these messages might have caused,” adding that we are working for ensuring that people who sign up for two-factor authentication would not receive non-security-related notifications from us unless they specifically choose to receive them, & the same will be true for those who have signed up in the past.

Stamos expect to have the fixes in place soon in the coming days. He adds saying “to reiterate, this was not an intentional decision; this was a bug.”

And yet, this is particularly very bad because it does create a bad narrative around two-factor authentication. While Facebook lets you utilise a code generator mobile application or a U2F USB key, many of the people rely on text messages for two-factor authentication. It is a 2nd layer of security so that strangers having your password can not connect without the second factor.

Everyone should be enabling two-factor authentication. But, now people might hesitate that they know Facebook has used a security feature for improving engagement in the past. I would recommend you turning it on with a code generator.

The fact that Facebook has poorly implemented a security feature is actually a fault of Facebook.

In addition to that all, Facebook is also disabling posting to Facebook through text messages altogether. Earlier this week, a Twitter post went viral as Gabriel Lewis tried disabling those text notifications & ended up sharing posts on Facebook:

The company says that the very feature may have been useful at some point when smartphones were less popular, but there is no reason to keep it around now.


Please enter your comment!
Please enter your name here