Facebook touts two-factor authentication as one of the best security measures users
can take to protect their information. That means you’re required to provide not
only a user name and password, but also something that only you have, like a piece
of information. Normally that level of security is preferable to the minimum — but
recently, one journalist was shocked to discover that Facebook shut it off without
her permission.

According to WIRED writer Louise Matsakis, she received a message from Facebook
out of the blue notifying her that her security had been turned off. Since she hadn’t
done anything, she immediately assumed she’d been hacked — and that the
sensitive messages she had from sources had been compromised.

“We wanted to let you know that your mobile number was removed from your
account,” the message read. “Because of this, we’ve turned off two-factor
authentication on your account to make sure you don’t get locked out when using an
unrecognized computer or mobile device to log in.”

According to Facebook, this bug can occur when a user changes their phone number
or a privacy setting associated with it. If a similar problem happens to your account,
you can report it in Facebook’s Help Center. But more than anything, it’s just further
proof of the control Facebook has over our digital lives.

“It’s evidence of the implicit trust we all put in Facebook to safeguard our most
sensitive communications,” Matsakis wrote. “The platforms we rely on the most are
built by humans, which means they'll always