Setting up two-factor authentication is usually a recommended move to keep important accounts secure — but on Facebook, adding a phone number could impact privacy. Aftera tweet from a usercomplaining that Facebook required a phone numberfor two-factor authentication, Facebook’s iffy data practices areonce again in the spotlight, this time with what actually happens to your phone number when adding two-factor authentication.
The practice coming into question isn’t new — just highlighted by a new round of complaints. Facebook has offered two-factor authentication since 2011. The company says that phone numbers added to an account, including areas outside of two-factor authentication, are then linked to the account. Facebook uses those phone numbers for more than just security,using them for ad targetingif a business also has that same phone number and allowing other users to find their profile by typing the phone number into the search bar.
The tweet sparking the latest round of criticism comes from the owner of Emojipedia, Jeremy Burge, who added a phone number during a time when Facebook required managers of large Pages to use two-factor authentication. While Facebook no longer requires a phone number for accounts with a large number of followers, the network also doesn’t appear to have an option to delete the information once added to the account.
So what are Facebook users to do? Well, if you already provided Facebook with your phone number, there isn’t an option to delete it. (In some cases, Facebook may already know your phone number from when users could give Facebook access to their phone contacts to find their friends.)
But for users who haven’t yet given away their phone number, third-party apps will allow for two-factor authentication without a phone number.Apps like Google Authenticator and LastPassgenerate a unique code to activate two-factor authentication instead of a phone number.
