Mar 4, 2019 - Technology

Report: Facebook ties names to authentication phone numbers

Photo of Facebook login screen on an iPhone

Photo: Jaap Arriens/NurPhoto via Getty Images

Facebook is facing a new wave of criticism for letting users identify individuals by phone number even when they only gave Facebook the number for the purpose of two-factor authentication.

Why it matters: Critics are saying a measure that users take in order to protect their security is instead, in Facebook's hands, exposing their privacy.


  • Two-factor authentication (2FA) is a security measure that helps protect access to user accounts by tying that access not only to a password, but also to a secondary device — often a phone.
  • Reports last year showed that Facebook was already targeting ads based on phone numbers users shared for two-factor authentication.
  • A Twitter thread detailing the latest issue went viral on Sunday.
  • Last year, Facebook blocked users from searching directly for profiles by typing in phone numbers. But Facebook will still link phone numbers and profiles under other circumstances, including when you upload an address book to help Facebook find your friends, users say.
  • Facebook allows you to change a default setting in order to hide your phone number, but even when you do, users have reported that some kinds of searches based on the phone number will still come up with your name.
  • Last year, Facebook began offering alternatives to phone-number based 2FA and no longer requires a phone number.

What they're saying:

  • A Facebook spokesman said in a statement: "The 'Who can look me up?' settings are not new and are not specific to two-factor authentication. ... Today, the 'Who can look me up?' settings control how your phone number or email address can be used to look you up in other ways, such as when someone uploads your contact info to Facebook from their mobile phone. We appreciate the feedback we've received about these settings and will take it into account.”
  • New York Times columnist Zeynep Tufekci said on Twitter: "For years I urged dissidents at risk to use 2FA on Facebook. They were afraid of this. @Facebook doesn't care about their safety."
Go deeper