Facebook Login Approvals, Optional Two-Factor Authentication
Facebook began to roll out a two-factor authentication system designed to protect user accounts from unauthorized access in 2011.
Two-factor authentication adds a second layer of authentication to the login process to better protect accounts. There are two main types of systems in use right now: systems that send codes to user devices whenever a sign-in process is started, and systems that use code generators on user devices. Facebook supports both of these options.
Facebook Two-Factor Authentication
The company confirmed on the official Facebook blog that the feature has been rolled out to all Facebook users. Every Facebook user now has the option to enable two-factor authentication on Facebook.
The protection was called Facebook Login Approvals previously but is now called Two-Factor Authentication instead.
Facebook users can enable the new security feature by opening the new 2FA page on Facebook. Users who prefer to go there manually need to click on the down-arrow icon and then on Settings > Security and Login > Use two-factor authentication.
A click on "turn on" launches a wizard that guides the user through the activation of the new feature.
Note that you need to either link a phone to your account or use an authentication app. Facebook offers both options, and you can use either one to receive or generate the codes needed to sign in to the Facebook account.
Setup itself is very straightforward and should not pose any issues even to users who never set up two-factor authentication systems before.
Login Approvals work in the following way
You link a mobile phone number to your Facebook account. This mobile phone number receives a code via text message whenever someone with the correct username and password tries to log in from an unauthorized computer.
Or, and that is the second option, you use a supported authentication app to generate the codes directly on your devices.
Either way, the code is only needed when sign-ins are recognized from a device that is unknown to Facebook (in other words, has not been used before or has been cleaned recently).
Attackers would need to have access to the generated code to log in to the Facebook account.
The two-factor authentication code is requested in the following scenarios:
- Whenever you sign in to Facebook on a new device or using a new web browser.
- When someone else uses an unknown device or browser to sign in using the correct login username and password.
- After you have cleared browsing data.
Facebook users will furthermore be notified of login attempts from unauthorized computer systems. An unsuccessful attempt usually means that someone else is in possession of a user's Facebook username and password. Users get options to change their account password right away to protect their account further.
Back to the configuration. Codes are currently only sent to mobile phones via SMS or generated by authentication apps such as Google Authenticator; this means that you need access to a mobile device to configure Facebook's two-factor authentication system.
Users who have not done that already are asked to add a mobile phone number to their account to complete the Login Approvals setup.
It is afterward necessary to confirm the link by entering a code that Facebook sends to the phone. The mobile phone number and Facebook account are from that moment on linked.
What happens if you lose your phone? You still have the option to log in from computer systems that have been authorized previously. You may also set up recovery codes on the Facebook site to access your account if you don't have access to your phone, or use security keys that support the Universal 2nd Factor (U2F) standard.
Facebook users who want to add an extra layer of protection to their account should consider enabling login approvals.