#Security Alert : Facebook Two-Factor Authentication fail !
The Hacker News

Last year Facebook has launched a security feature called Login Approvals or two-factor authentication. This is a follow-up security update regarding Facebook Login from Facebook. They have already integrated Facebook login email alerts to get notification emails or SMS messages whenever a suspicious person uses your Facebook account from a different location.

Christopher Lowson, on his blog explains the Facebook Two-Factor Authentication, which is really another biggest fail of Facebook Security.

But that feature is not enough to ensure your account's security and that is why Facebook has launched "Login Approvals". This feature is very similar with Google 2-step verification which associates a mobile device with your Facebook account and authenticates the login by sending a verification code at your mobile phone device.

According to this feature, When user will logging into your Facebook account from a new device, a code will be sent to his phone which he will have to enter before he is granted access to your Facebook Account.

The Hacker News
What Lowson did, He click the option "I can't get my code" and noticed "Skip this and stop asking me to enter codes" and After clicking this he got asked "Log in without entering codes from now on?" by Facebook. Finally Lowson is able to login without Codes and 2 step authentication Security feature Turned off and Bypassed simply by options.
The Hacker News

Conclusion is that, Why Facebook is trying to use such security features which can be easily exploited at user end ? Even a very less percentage of facebook users are aware about this feature which is actually implemented last year and still have such bugs.

Submitted By: Christopher Lowson

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.