The security of social networks is a very sensitive approach, since many share some personal content between friends or partners, who with a security breach such content can come to the fore and generate a lot of controversy. As has happened recently with the case of Cambridge Analytica.
Facebook exists to two-factor verification, but now the social network has decided to change the same. Facebook announced that it has changed the way to configure two-factor authentication. The new process aims to make the 2FA more simplified and eliminates the need to register a phone number.
Previously Facebook needed a phone number to enable two-factor authentication, now it also supports applications like Duo Security and Google Authenticator. The company says the setup process has been refined, resulting in a simpler and more focused experience enabling 2FA.
This update came a few months after Facebook admitted that a bug in its 2FA system caused non-security SMS notifications to be sent to users' phones. Facebook uses the automated number 362-65 as their two-factor authentication number, and that same number eventually sent out notifications of Facebook people via SMS without their consent. The answers to these texts ended up being posted on users' Facebook profiles.
Is this option the safest?
Using authenticating applications instead of a phone number is actually a safer option. SMS has been at the center of many two-factor attacks, including a recent incident in which Telegram were compromised in Iran.