In this guide, you’ll learn how to enable two-factor authentication (2FA) on Facebook using both the SMS and Authentication App based methods.
As with other online accounts, switching on two-factor authentication (2FA) is one of the most powerful steps you can take to secure your Facebook account from hijacking.
Facebook, being the largest and most popular social media platform, knows this; that’s why it offers a 2FA option to protect its users’ account information.
Previously, Facebook only required a phone number (SMS based) in order to activate two-factor authentication. But it now allows for the use of authenticator Apps such as Duo Security, Google Authenticator, Authy, etc.
Here is how you set up two-factor authentication (2FA) on your Facebook account using either SMS or Authentication Apps:
A. SMS based 2FA setup for Facebook
On Facebook App
To turn on SMS based 2FA on Facebook App follow these simple steps:
1. Tap the hamburger (three-lines) menu icon on the top-right corner of your Facebook App.
2. Tap to expand Settings & Privacy and select “Settings”.
3. Under the Security section, tap “Security and Login”.
4. Under Setting Up Extra Security, tap “Use two-factor authentication”.
5. Tap “Get Started” to begin.
6. Facebook will ask you to Choose a Security Method, tap “Text Message”.
7. Enter the two-factor authentication confirmation code from Facebook sent to your phone number and tap “Next”.
(For your security, Facebook will require you to re-enter your password).
8. Congratulations! Two-Factor Authentication Is On. Tap “Finish” to exit.
On Facebook Web
On the web, where Facebook has the 2FA settings is a bit different than on the App (and Facebook tends to update both layouts often).
1. Go to your Facebook Security and Login Settings or click the down-facing arrow in the top-right corner of Facebook and click “Settings” and then “Security and login”.
2. Under the Two-factor authentication section, click “Edit” next to Use two-factor authentication.
3. Click “Get Started” to begin.
4. Facebook will ask you to Choose a Security Method, click on the radio button under Text Message to select it and click “Next” to continue.
5. Enter the two-factor authentication confirmation code from Facebook sent to your phone number and click “Next”.
6. Congratulations! Two-factor authentication is on. Click “Finish” to exit.
For added security Facebook allows you to set up a backup option so that you can log in if your chosen security method (SMS in this case) isn’t available.
The options are:
i. Security key – You can set up your Universal 2nd Factor (U2F) security key here if you have one. This is a USB or NFC hardware device which you can plug in as a second factor to gain access to your account without punching in any codes.
ii. Authentication App – Here you’ll receive your 2nd Factor via a third-party authentication app e.g. Google authenticator. This is discussed in the next section.
iii. Recovery codes – These are offline codes that you can copy or print out and keep in a safe place for times when you may not have your phone with you. E.g. when traveling and your mobile is roaming or unavailable.
To set recovery codes, click Set up -> Get codes. A set of 10 8-digit codes will be generated for you. You can use them in any order.
B. App based 2FA setup for Facebook
The Authentication App based method for 2FA doesn’t rely on your phone number. Because of that, it’s a much more secure and reliable method than the SMS based one.
There are a few options of third-party authentication Apps to choose from, namely the Google Authenticator, Duo Security, Authy, Microsoft Authenticator, etc.
But the one I recommend and will be using is Authy. And that’s because Authy is more feature-rich and allows for multi-device syncing.
To turn on Authentication App based 2FA on Facebook follow these simple steps:
1. First of all, you need to install and set up Authy.
2. Go to your Facebook Security and Login Settings or click the down-facing arrow in the top-right corner of Facebook and click “Settings” and then “Security and login”.
3. Under the Two-factor authentication section, click “Edit” next to Use two-factor authentication.
4. Click “Get Started” to begin.
5. Facebook will ask you to Choose a Security Method, click on the radio button under Authentication app to select it and click “Next” to continue.
6. Scan the QR code on the Set up via third-party app screen using your Authy App.
7. EXTRA: Sometimes Authy may not detect the correct logo for that website, tap on the “Wrong Logo? Select Another One” link to choose the appropriate logo.
8. Tap “Done” on the Authy app. Congratulations, you are now security aware!
Set up trusted devices to skip 2FA
Your newly set up Facebook 2FA is triggered only when there is a login on your Facebook account from an unrecognized device, browser or location (or all 3 of these).
Now you need to have your Facebook account recognize and trust your personal devices if you prefer not to use 2FA each time you log in.
To do this, log out from your Facebook account and log back in from the device you want to be recognized. Upon login, your 2FA would be requested after which Facebook will ask if you want to save that device or browser as a trusted/authorized device.
You can manage your trusted devices from the Authorized Logins menu. That means if you mistakenly saved a device as trusted, you can delete it from this menu.
Generate App passwords for non-supported Facebook 2FA Apps
Additionally, for apps like Skype, Spotify and Xbox that you log into using Facebook but that do not support Facebook 2FA, you can get a unique one-off password specifically for that App.
This is a special password for only that App that you can use to securely log in instead of your Facebook password or your login codes.
To generate an App password, click “Add” next to App passwords, then click “Generate app passwords”. On the pop-up menu, click “Generate App passwords”, name the App you want, e.g. Skype, and click “Generate Password”. Your one-time Skype password will be shown to you. Log in with this or write it down, as it will not be shown to you again. Click “Finish” to exit.
What’s next? If you’d like me to help you set up 2FA for your important online accounts, send me an email at firstname.lastname@example.org and I’d be glad to help.
Don’t forget to also share this post with your friends and family so they too can secure their Facebook accounts. Or recover their hacked Facebook account, if they have unfortunately already been hacked.