Facebook Login Approvals, Optional Two-Factor Authentication

Martin Brinkmann
May 13, 2011
Updated • Sep 29, 2018
Companies, Facebook, Security

Facebook began to roll out a two-factor authentication system designed to protect user accounts from unauthorized access in 2011.

Two-Factor authentication is designed to add a second layer of authentication to the login process to better protect accounts. There are two main types of systems in use right now: systems that send codes to user devices whenever a sign-in process is started, and systems that use code generators on user devices. Facebook supports both of these options.

PayPal for instance is offering VeriSign ID Protection devices that act as a second layer of authentication. Google recently introduced two-step verification for Google accounts as well.

Facebook Two-Factor Authentication

facebook two-factor authentication

The company confirmed on the official Facebook blog that the feature has been rolled out to all Facebook users. Every Facebook user has now the option to enable two factor authentication on Facebook.

The protection was called Facebook Login Approvals previously but is now called Two-Factor Authentication instead.

Facebook users can enable the new security feature by opening the new 2FA page on Facebook. Users who prefer to go there manually need to click on the down-arrow icon and then on Settings > Security and Login > Use two-factor authentication.

A click on "turn on" launches a wizard that guides the user through the activation of the new feature.

Note that you either need to link a phone to your account or use an authentication app instead. Facebook offers both options and you can use either one to get or generate codes to sign-in to the Facebook account.

Setup itself is very straightforward and should not pose any issues even to users who never set up two-factor authentication systems before.

Login Approvals work in the following way

You link a mobile phone number to your Facebook account. This mobile phone number receives a code via test message whenever someone with the correct username and password tries to log in from an unauthorized computer.

Or, and that is the second option, you use a supported authentication app to generate the codes directly on your devices.

Either way, the code is only needed when sign-ins are recognized from a device that is unknown to Facebook (in other words, has not been used before or has been cleaned recently).

Attackers would need to have access to the generated code to log in to the Facebook account.

The two-factor authentication code is requested in the following scenarios:

  1. Whenever you sign-in to Facebook on a new device or using a new web browser.
  2. When someone else uses an unknown device or browser to sign-in using the correct login username and password.
  3. After you have cleared browsing data.

Facebook users will furthermore be notified of log in attempts from unauthorized computer systems. An unsuccessful attempt usually means that someone else is in possession of a user's Facebook username and password. Users get options to change their account password right away to protect their account further.

Back to the configuration. Codes are currently only send to mobile phones via SMS or generated by authentication apps such as Google Authenticator; this means that you need access to a mobile device to configure Facebook's two-factor authentication system.

Users who have not done that already are asked to add a mobile phone number to their account to complete the Login Approvals setup.

It is afterward necessary to confirm the link by entering a code that is sent to it by Facebook. The mobile phone number and Facebook account are from that moment on linked.

What happens if you lose your phone? You still have the option to log in from computer systems that have been authorized previously. You may also set up recovery codes on the Facebook site to access your account if you don't have access to your phone, or use security keys that support the Universal 2nd Factor (U2F) standard.

Facebook users who want to add an extra layer of protection to their account should consider enabling login approvals.

Facebook Login Approvals, Optional Two-Factor Authentication
Article Name
Facebook Login Approvals, Optional Two-Factor Authentication
Find out how to set up Two-Factor Authentication on Facebook to add an extra layer of security to Facebook Accounts.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. thiha said on July 3, 2016 at 10:34 pm

    I lost my phone.I can’t login approval code.Please sent me approval code in this emai.I am real owner.Thanks you.

  2. GOPINATH said on October 29, 2013 at 3:42 pm

    dear sir,
    i am from india. In my account, login approvals setting is not found on security page. What can i do??

    1. Martin Brinkmann said on October 29, 2013 at 4:18 pm

      You need to have entered a mobile phone number on Facebook. Did you do so?

      1. GOPINATH said on October 30, 2013 at 2:15 pm

        i have added 3 phone numbers sir..

  3. Anonymous said on April 15, 2013 at 5:58 am

    48 hours gone without accessing my facebook. I really wish i hadn’t turn this crap on.
    Everytime i try, they send the code but it’s not working. Somebody help.!! :(

  4. sarah brodrick said on January 23, 2013 at 2:22 am

    Hi all,
    I have been going out of my mind for over a week, I have sent numerous reports to facebook and yet they havent bothered. Aspam post (not intended as spam as it was my best friend who commented on my post)posted on my wall 545 times these 545 message posts were also pinging my phone , i panicked and quickly unlinked my phone from facebook when i then tried to log in later that day and it said i dont have phone linked to account therefore they cannot send login approval code!!!! I tried all sorts tried all their ‘help’ pages’ even sent my government photo id and they arseholes still blank me arghhhh . I then tried a different email account and was told (via automated screen message) my account would be active after 24 hours-was it hell!!! i counted down the last 30 minutes then tried to logg in and it sent me right back to where i started still no facebook retrieval. This is outrageous, reading that this is a very common problem, the amount of bloody money the company have, you’d think they would have sorted it out. I dont know what to do ? Has anyone had any joy yet.

  5. zens said on November 11, 2012 at 11:36 am

    lol. i think the login approval will be the perfect security, but its worse. lolz

  6. kammy said on October 20, 2012 at 12:40 pm

    same problem. any links ?

  7. Mik said on September 20, 2012 at 8:35 am

    Its been four days now and no response !! Poor effort FB

  8. Mik said on September 20, 2012 at 8:34 am

    Its been four days now and no response !! Piss poor effort FB

  9. Kathryn said on August 17, 2012 at 1:32 am

    Same thing happened here – after repeated attempts to enter codes & such .. They will not reactivate any of my devices or help me log in to do so. The multi zillion $ co does nothing to help in this area to the people who are actively helping keep it up & running . Very sad.

  10. Sharon Stephens Hicks said on March 26, 2012 at 5:00 pm

    I am having the same problem? So why hasn’t anyone correctly answered this question? Why can’t we turn login approvals off? And why does fb totally ignore our emails? I’ve been off for 4 days and slao deleted fb from my phone thinking that would help but no . so now I cant even login from my mobile phone. Can anyone please help???? Thank you in advance.

  11. Anita said on March 6, 2012 at 5:34 am

    What is up?

  12. milos said on February 1, 2012 at 9:55 pm

    security code mobile face

  13. Monster said on January 19, 2012 at 7:54 am

    I think it could be a good idea if Facebook develops its own Two Factor Authentication app for smart phones – Similar to the Google Authenticator App available for iPhones at the iTunes store. That way, the authentication tokens are created on the the smart phone locally – Instead of relying exclusevely in their SMS Gateaway which may become unstable, as well as the Mobile network of the users. The smart phones could even be out of celular network reach but as long as it has battery it can still serve authentication tokens through the app itself.

  14. R.Aditya Srikanth said on December 23, 2011 at 4:44 pm

    The mobile number registered in my account is inactive , so when
    Facebook does security check and sends the security code in my mobile number I couldn’t get it , so how am I going to change my mobile number ? Coz I couldn’t log in because of security check procedures?

  15. masab gondal said on December 4, 2011 at 12:34 pm

    i am a user of facebook.i have been facing problem to get my login approval code on my mobile for last 2days.i tried many resends of the approval code but did not receive it.neither Facebook admin did not reply my issue neither they responded via anyemail regarding the issue.can any body tell my how to access my code or facebook account without code.

    1. Julie said on December 5, 2011 at 10:45 am

      U need to file a report.. Then u need to submit gov. I’d like passport..then wait for Facebook reply:) be patient :)

      1. Prithvi said on January 10, 2018 at 9:36 am

        I sent my ids and citizensip photos also but dint got any reply

      2. fAirr said on December 18, 2011 at 6:23 am

        but how if the code is sent to a number which is no longer being used? how can i do that?

  16. Julie said on October 14, 2011 at 6:52 am

    I’ve sign up for a login approval but I’ve lost my phone and I don’t have a recognized device. What will I do? Help me! I’ve locked out for four months :( email me here [email protected] if there’s a solution thank u!!

    1. kammy said on October 22, 2012 at 6:16 pm

      let me know if u hear a reply i am in the same situation!!

  17. Babar khan said on August 28, 2011 at 10:33 pm

    sir,my account is deactivate bcoz i lost my mobile and ow i can”t get security code and i also an”t add reconized device to active my account please tell me what can i do ?there is no rplyy from facebooki too can no longer log into my account because this system is not working, I been trying to find a solution but I have had not feedback what so ever from Facebook, and I confirmed that other services that use functions like this do work
    [email protected]

  18. Michael said on June 14, 2011 at 10:47 pm

    I too can no longer log into my account because this system is not working, I been trying to find a solution but I have had not feedback what so ever from Facebook, and I confirmed that other services that use functions like this do work.

    1. hannah said on June 14, 2011 at 10:56 pm

      Michael, I was locked out for a week but managed rto get back in my addind a new email address onto my facebook (you can do this if you remember your security question and answer from when you first registered. It takes 24hours for you to be able to regain access, it then allows you to log in, and add a new mobile number (I used a friends) and got the security code phoned through to me, I was then able to get back in! Good luck, hope this helps!

      1. Olia said on June 23, 2011 at 7:22 pm

        Hannah,how can I add a new E mail onto my account?

  19. Rajesh said on June 10, 2011 at 5:20 pm

    thank god for not blocking my account it only was disactivated

  20. Hannah said on May 30, 2011 at 11:25 pm

    Andrea I wish I’d seen your message about this before I opted for approved logins…. Exactly the same has happened to me. Have you been able to get back on yours now?

  21. Andrea said on May 25, 2011 at 2:08 am

    DO NOT USE THE FB APPROVAL SYSTEM!!! It has had me locked out of my account AND my business account for four days now!! The system does not work! It would not save my computer as a home device so I deleted my number thinking that would shut it off…. well it doesnt. Instead it makes you completely stuck because log in approvals are still on BUT my number is not in there to send me a code. soooo now I’m unable to get on my FB or my business page which is REALLY taking a hit because of this. I’ve reported the bug repeatedly and emailed the FB team over and over again and have not recieved anything except one automated message that said “We cannot offer support for this issue”


    1. kammy said on October 21, 2012 at 4:20 pm

      i am the same! ive been logged out weeks now, is there a way to fix it ?

    2. anonGHacks said on August 19, 2011 at 3:37 am

      Instead of deleting your number thinking it would turn it off, why didn’t you just turn it off properly by unchecking “Require me to enter a security code sent to my phone”?

      1. stacey said on January 27, 2013 at 10:55 pm

        Iv been havin this problem for bout 5months now and fb don’t get back to you and still can’t get on

  22. David BUllock said on May 14, 2011 at 1:35 am

    Unfortunately, it doesn’t appear to work with Google Voice

    – Dave

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.