Facebook fixes a two-factor authentication bug

Two-factor authentication (2FA) is a technique required by many organizations (banks, government administrations, tax offices, EDF, etc.) and online services (cloud, streaming, web hosts, social networks, etc.) to secure access to user accounts from the web or from smartphone applications.

In addition to your user name (ID) and password, a service provider or a social network such as Facebook or Twitter asks you to activate two-factor authentication in order to further strengthen the protection of your account. Once it is activated, you will need to choose a secondary means of identification in addition to your username and password. Several options are available for this second factor.

For example:
– The choice to receive a unique code by SMS at the telephone number registered with the service provider
– The choice to receive a code usable for a limited period (TOTP)
– The choice to use an authenticator app on your phone to confirm your identity (usually used by banks, insurance companies or PayPal)
– Facial, voice or fingerprint recognition.

This technique therefore makes it more difficult for hackers and malicious users, whether around you or on the web in general, to access your accounts and personal data.

That is the definition of 2FA on paper. In reality you may change your mind quickly, because we have learned that, in Facebook's case, the technique did not escape hackers, and the cause was a bug in this system.

According to a computer researcher named Gtm Mänôz, Facebook had not imposed any limit on login attempts using the code received by SMS for two-factor authentication. This would have allowed hackers to bypass the system by making repeated attempts to enter the code, using number combinations generated endlessly by a third-party program.

Once the hacker obtains the correct 2FA code, he links the Facebook account to his own telephone number. You can imagine the rest, and the hassle of recovering your account!

Finally, Facebook gave assurances that the incident was resolved a few days later.
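The control that was missing in the report above, a limit on code-entry attempts, can be sketched as follows. This is an added example, not Facebook's code: the class name, the five-attempt budget and the 300-second lifetime are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued code
CODE_TTL = 300     # assumed policy: seconds a code stays valid


class OtpVerifier:
    """Server-side check for SMS codes with an attempt budget per issued code."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        """Create a fresh 6-digit code; it replaces any older code for the account."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL, 0]
        return code  # handed to the SMS gateway, never sent back to the client

    def verify(self, account, guess):
        """Return 'ok', 'wrong', 'locked' or 'expired'."""
        entry = self._pending.get(account)
        if entry is None or self._clock() >= entry[1]:
            self._pending.pop(account, None)
            return "expired"
        if entry[2] >= MAX_ATTEMPTS:
            return "locked"  # budget spent: even the right code is refused
        if hmac.compare_digest(entry[0].encode(), guess.encode()):
            del self._pending[account]  # codes are single use
            return "ok"
        entry[2] += 1  # counted per account, not per session or source IP
        return "wrong"


def guesses_accepted_before_lockout(verifier, account):
    """Feed wrong codes until the verifier locks; return (count, result for real code)."""
    real = verifier.issue(account)
    tried = 0
    for n in range(10**6):
        guess = f"{n:06d}"
        if guess == real:
            continue  # skip the real code so only wrong guesses are counted
        if verifier.verify(account, guess) == "locked":
            break
        tried += 1
    return tried, verifier.verify(account, real)
```

Because `issue()` resets the counter, requests for a new code need their own rate limit, otherwise each resend grants a fresh set of guesses.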

