A security researcher Christopher Lowson, has found a way to bypass the security feature called Two-Factor authentication. If you login from unknown devices, Facebook will launch the Two-step authentication and asks users to enter code which is send to your phone.
When Lowson try to login into Facebook , the Facebook asked him enter Login approvals code. As he faced some inconvenience in mobile , he select the “I can’t get my code” and noticed “Skip this and stop asking me to enter codes”.
When he follow the skip option, Facebook asked “Log in without entering codes from now on?” . This allowed him to completely disable the Turn off security codes.
“I bypassed the 2 step authentication code !! WTF? So in conclusion why have a 2 step authentication option when it can be disabled without having to enter it once before? Kinda defeats the purpose ? No?”Lowson said in his own blog post.