Account hijacking is a big problem on Facebook, where attackers manage to guess—or brute-force—your passwords. Two-factor authentication can help make it harder for criminals to take over your account.
When attackers breach the account, the end goal may be just to send spam or to trick your friends into clickjacking scams. The attacker may also be using Facebook as a stepping stone to other attacks. Regardless, it makes sense to protect your account with something a bit stronger than just passwords.
Enter two-factor authentication, a way to make it harder for criminals to break into your account. Facebook rolled out two-factor authentication two years ago as “Login Approvals” so that users could protect themselves from account hijackings.
There are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options, and the most common combination is the password and a one-time code sent to a cell phone.
In the case of Facebook, the one-time password is either sent via SMS to a phone that is neither Android nor iOS, or generated in the Facebook mobile app on Android and iOS devices. With Login Approvals enabled, someone trying to break into your account needs to know more than just your email address and password. That person will also need your mobile device to obtain the additional security code.
Login Approvals works a little differently from other site implementations in that the user is asked to enter that security code only when the login is from an unrecognized device. If someone tries to log in from somewhere else, that attempt would be blocked. But if that person steals your laptop and tries to log in to your account, there won’t be a security prompt because Facebook recognizes the device.
Even so, enabling Login Approvals is a good idea in most cases because it adds an extra layer of security. In general, if you have multiple defenses in place, attackers will just give up and find an easier victim.
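The recognized-device behaviour described above can be modelled in a few lines. This is an added illustration, not Facebook's implementation: it assumes the security code is a time-based one-time password as defined in RFC 6238 (the article does not say how the code is derived), and `Account`, `login`, `demo` and the device names are hypothetical.

```python
import hashlib, hmac, os, struct

def totp(secret, at, step=30, digits=6):
    """RFC 6238 code: HMAC-SHA1 over the time-step counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, otp_secret):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.otp_secret = otp_secret   # assumed to be shared with the phone's code generator
        self.recognized = set()        # device ids that have already passed approval

def login(acct, password, device_id, now, code=None):
    """Return 'denied', 'ok', 'code_required' or 'bad_code'."""
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return "denied"                # factor 1: something you know
    if device_id in acct.recognized:
        return "ok"                    # recognized device: no security prompt
    if code is None:
        return "code_required"         # unrecognized device: ask for factor 2
    # Accept the previous, current and next 30 s step to tolerate clock drift.
    valid = [totp(acct.otp_secret, now + d) for d in (-30, 0, 30)]
    if any(hmac.compare_digest(code, v) for v in valid):
        acct.recognized.add(device_id) # later logins from this device skip the code
        return "ok"
    return "bad_code"

def demo():
    """Constructed scenario: the owner's laptop, then someone who knows the password."""
    secret, now = b"constructed-demo-secret", 1_700_000_000
    acct = Account("correct horse", secret)
    return [
        login(acct, "correct horse", "owner-laptop", now),                     # challenged
        login(acct, "correct horse", "owner-laptop", now, totp(secret, now)),  # approved
        login(acct, "correct horse", "other-pc", now),                         # challenged
        login(acct, "correct horse", "other-pc", now, "12345"),                # wrong code
        login(acct, "correct horse", "owner-laptop", now + 86_400),            # stolen laptop
    ]

if __name__ == "__main__":
    print(demo())
```

The last entry is the stolen-laptop case: the password alone succeeds because the device was approved earlier, which is why removing a lost device from the recognized list matters as much as enabling the feature.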
Turning on Login Approvals
To set up two-factor authentication, click on the gear icon on the top right corner of the page, and select “Account Settings” from the drop-down menu. When you click on “Security,” you will see several settings, including “Login Approvals.” Clicking on the option opens up a checkbox, “Require a security code to access my account from unknown browsers.”
Facebook will walk you through the process step-by-step, explaining how to receive the security code on your mobile device and where to type it in whenever you want to access your account from an unknown location. You can receive SMS messages on devices that are neither Android nor iOS, or use the latest version of the Facebook app on Android and iOS. The Facebook mobile app includes a Code Generator that produces the one-time passwords used for Login Approvals.
Whether you decide to use SMS messages or the Facebook app, the challenge will ensure only people who know your account credentials and have physical access to your mobile device can actually log in. If you, as the user, accidentally lose your phone, you aren’t automatically locked out since you always have the option to log back in using a recognized device.
Curious about two-factor authentication for other apps? See if they’re supported.
14 comments on “How to Turn on Login Approvals on Facebook”
If I do not use Facebook on a smartphone or log in from an Android device, should we still enable Login Approvals? I only get emails from friends in my mail PC only and then log in if I recognize them.
My husband and I only have one phone so I can’t use 2-factor authentication because often the phone isn’t available (my husband has it and isn’t where I am). There ought to be another way.
I don’t have mobile cover in many places, makes it hard to get the code.
I am having trouble receiving my approval code through Facebook. My number is ###-###-####. I need help, thanks.
We’re not Facebook. You need to contact Facebook regarding why you’re not receiving your approval code.
I cannot find any option named Login Approvals in the Security setting…. Is this feature disabled now?
Login Approvals is there. If somehow you don’t see it, you’ll need to contact Facebook about it. https://www.facebook.com/help/148233965247823
Facebook recently changed its Terms of Service and now has great authority to gather information from my computer. How can I prevent it? I now only use Facebook on my smartphone, not my computer. Is this the only way to defend?
This blog post is on Login Approvals. If you need assistance regarding Facebook TOS, please contact Facebook directly.
Once I log in with an approval code on an unrecognized device, do I need another code to log in on the same device?
No, you do not need another code.
It’s a shame you don’t have a donate button! I’d certainly donate to this excellent blog! I suppose for now I’ll settle for book-marking and adding your RSS feed to my Google account. I look forward to new updates and will share this blog with my Facebook group. Chat soon!