Tuesday, 6 March 2012

#Security Alert: Facebook Two-Factor Authentication fail!


Last year Facebook launched a security feature called Login Approvals, or two-factor authentication. It is a follow-up security update to Facebook login. Facebook had already integrated login email alerts, which send notification emails or SMS messages whenever a suspicious person uses your Facebook account from a different location.

Christopher Lowson explains on his blog how Facebook Two-Factor Authentication is really another of Facebook Security's biggest fails.

But that feature is not enough to ensure your account's security, which is why Facebook launched "Login Approvals". This feature is very similar to Google 2-step verification: it associates a mobile device with your Facebook account and authenticates the login by sending a verification code to your mobile phone.

With this feature, when a user logs into your Facebook account from a new device, a code is sent to his phone, which he has to enter before he is granted access to your Facebook account.

What Lowson did: he clicked the option "I can't get my code" and noticed "Skip this and stop asking me to enter codes". After clicking this, he was asked by Facebook "Log in without entering codes from now on?". In the end Lowson was able to log in without codes, and the 2-step authentication security feature was turned off and bypassed simply through these options.
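
The flaw described above is a design issue: the challenge screen itself offers a way to switch the second factor off. The following toy model is an added example, not Facebook's code; every class, method and value in it is hypothetical and constructed. It puts the weak "skip" handler beside a corrected one that only lets a session that has already passed the second factor disable it.

```python
# Added illustration: a toy login-approval flow, not Facebook's implementation.
# All names and values are hypothetical / constructed.
import hmac

class Account:
    def __init__(self, password, expected_code):
        self.password = password
        self.expected_code = expected_code  # stand-in for the code sent by SMS
        self.approvals_enabled = True

class Session:
    def __init__(self, account):
        self.account = account
        self.password_ok = False
        self.second_factor_ok = False

    def submit_password(self, password):
        self.password_ok = hmac.compare_digest(password, self.account.password)
        return self.password_ok

    def submit_code(self, code):
        if self.password_ok and hmac.compare_digest(code, self.account.expected_code):
            self.second_factor_ok = True
        return self.second_factor_ok

    def logged_in(self):
        if not self.password_ok:
            return False
        return self.second_factor_ok or not self.account.approvals_enabled

    # Weak: a password-only session may turn login approvals off from the
    # challenge screen, so the second factor adds nothing.
    def skip_codes_weak(self):
        if self.password_ok:
            self.account.approvals_enabled = False
        return self.logged_in()

    # Corrected: disabling login approvals is a security-setting change and
    # requires a session that has already passed the second factor.
    def skip_codes_hardened(self):
        if self.password_ok and self.second_factor_ok:
            self.account.approvals_enabled = False
        return self.logged_in()
```

With the weak handler, knowing the password alone is enough to end up logged in with approvals disabled; with the corrected one, the same request leaves the account setting untouched until a valid code has been entered.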

The conclusion: why is Facebook trying to use security features that can be so easily exploited at the user end? Only a very small percentage of Facebook users are even aware of this feature, which was implemented last year and still has such bugs.
