Two-factor authentication, a security measure that requires a verification code as well as a password upon login, can help prevent phishing and account takeover.
But at Facebook, two-factor authentication ended up being used as a way to pester its users with notifications.
A number of people have been receiving random notifications from Facebook after giving the social network their phone number for two-factor authentication. Worse, if they attempted to cancel those notifications by replying to the message, say with STOP or CANCEL, Facebook would post their replies as a status update for all to see. Now, the social network has admitted that the issues were caused by a bug and promised to roll out a fix that will stop non-security-related notifications in the next few days.
“The last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications,” Stamos wrote in a blog post. “We are working to ensure that people who sign up for two-factor authentication won’t receive non-security-related notifications from us unless they specifically choose to receive them, and the same will be true for those who signed up in the past.”
Facebook never intended to send SMS notifications to two-factor authentication users, Stamos said. He also apologized for any inconvenience caused by the notification messages.