Are you still relying on just passwords to protect your online accounts? I hope not.
Because you can do better. Two-step verification, for instance, allows you to sign into accounts with something you know (your password) and something you have (a code sent to your phone).
That means that even if your password is guessed or phished, an attacker will find it difficult to access your account as (hopefully) they won’t also have your phone.
In an earlier article I explained how to protect your Twitter account with Two-Step Verification (2SV)… or, as Twitter calls it, “Login Verification.”
Let’s face it, Two-Step Verification isn’t too sexy of a term.
That’s why Twitter and other companies use creative phrases to describe their implementation of this additional layer of security.
Facebook calls it “Login Approvals.” That’s…umm… better?
In this guide, I will show you how to enable login approvals, aka 2SV, on your Facebook account.
1. Log into your Facebook account using a web browser. At the top right of the Facebook display window, you will see an icon in the shape of an arrow pointing downward. Click on that icon.
2. A menu will drop down from the arrow icon. You can use this menu to create a group, set up a business page, and view your account settings. That lattermost option is what we’re looking for.
Scroll down and click on “Settings.” It should be located right under “News Feed Preferences.”
3. The page for your account settings will load up. Here you’ll find some basic information about your profile, including your name and registered email address.
To the left, you’ll see a sidebar where your account settings are grouped into a number of clickable sections. Click on the “Security” section, which should appear just under “General.”
4. The Facebook Security page serves as the central hub for a lot of great features. It is here that you can manage your FB apps, get an alert sent to your device when someone attempts to log into your account, and even manage an OpenPGP key to enable encrypted notifications.
We’re interested in “Login Approvals.” Click on that feature. It should appear the second from the top right under “Login Alerts.”
5. Some text will appear asking you to require security codes whenever you attempt to access your account from an unknown computer, device, or browser. Check the box located next to the text.
If you have not saved your mobile phone number with Facebook, a dialog box will appear informing you that login approvals uses your mobile device to send you security codes. You will therefore need to set up your Facebook account on your device. Click on the “Get Started” button to begin the process.
6. Another dialog box will appear. Select which type of device you use. Once you do, some text will inform you that you need to have the latest version of the Facebook mobile app installed on your device. You can download the app here: https://www.facebook.com/mobile/.
Once you have set up your account on your device using the Facebook mobile app, return to your web browser and click on the “Continue” button in the Facebook dialog box.
7. Facebook will then prompt you to activate Code Generator, a means by which to receive security codes on your mobile device. It works very similarly to Google Authenticator in that its codes are time-sensitive.
On your Facebook app, click on “Menu.” It should appear as three horizontal lines near the top of the display window.
8. Scroll down to the “Help & Settings” section and click on “Code Generator.” It should have a circular image of a locked padlock next to it.
9. Click on “Activate,” which will then successfully enable the Code Generator on your phone.
10. Once Code Generator is set up on your device, return to your web browser and click on the “Continue” button to turn on security codes for your account.
11. At this point, Facebook will ask you to enter the security code that appears on your mobile device via Google Authenticator into the web browser text field. Enter in the code. If you submit the correct number combination, a green check mark with the text “It worked!” will appear next to your entry.
Hit the “Confirm” button to submit your entry.
12. Another dialog box will then appear stating that in the event the Code Generator does not work, Facebook will send you security codes via SMS text messaging to your phone. Click on the “Continue” button.
13. Facebook will then ask you to add your mobile phone number to your timeline for this backup security code feature. Enter your number into the “Phone number” text field and click “Continue.”
14. In the new dialog box, enter in the code that you should have received via SMS text messaging to your device and click on the “Confirm” button.
15. Almost there! For security purposes, Facebook will ask you to re-enter your password in a dialog box. Do so and click “Submit.”
16. As the final step, a new dialog box will appear indicating that you will now receive security codes whenever you attempt to log into your account from a new browser.
You have the option of disabling security codes for the first week. I advise against this. You want the added layer of security now.
With that in mind, check the box labeled, “No thanks, require a code right away” and click the “Close” button.
17. And you’re done! Now whenever you attempt to log in to your account via a new web browser, this window will appear after submitting your username and password.
You should also receive a notification to your phone prompting you to enter a security code that appears on your device via Code Generator. Enter that code into the text field and click “Continue.”
(NOTE: You will have the option of telling Facebook to remember the browser you are using so that you don’t need security codes the next time you log in with that computer, browser, or device. Save that browser ONLY if the computer/device is private and not shared with people you do not trust.)
Once you’ve completed that step, you will be directed to your Timeline.
May you enjoy the many wonders of Facebook knowing that your account is now protected by an additional layer of security!
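Step 7 notes that Code Generator's codes are time-sensitive in the way Google Authenticator's are. The sketch below is an added example, not Facebook's code: it implements the standard time-based one-time password algorithm (RFC 6238, HMAC-SHA1, 30-second steps) that Google Authenticator uses, to show why a code stops being accepted shortly after it is displayed. The names `totp` and `verify`, the demo secret, and the one-step drift window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current (RFC 6238 default)
DIGITS = 6   # code length shown by typical authenticator apps

# Constructed demo secret (the RFC 6238 test key), Base32-encoded the way
# an authenticator app receives it from a QR code. Never reuse a test key.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the code for the time step that contains unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // step)       # 8-byte big-endian step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, unix_time, window=1):
    """Server-side check: accept the current step plus/minus `window` steps
    to tolerate clock drift, comparing in constant time."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP
        if t < 0:
            continue
        ok |= hmac.compare_digest(totp(secret_b32, t), submitted)
    return ok

if __name__ == "__main__":
    shown_at = 59                                        # constructed timestamp
    code = totp(DEMO_SECRET, shown_at)
    print("code on phone:", code)
    print("typed at once:", verify(DEMO_SECRET, code, shown_at))
    print("typed 30s later:", verify(DEMO_SECRET, code, shown_at + 30))
    print("typed 2 min later:", verify(DEMO_SECRET, code, shown_at + 120))
```

A captured code is only useful to an attacker for as long as the verifier's drift window allows, which is why the window should stay small.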
4 comments on “How to better protect your Facebook account from hackers”
Are there advantages of going through the Rube Goldberg-like process of getting the Code Generator linked to your account instead of implementing the simple SMS transmission of the code to your phone?
The advantage is to Facebook – they don't have to pay to send you an SMS each time.
They have over 1 billion users and whilst not all users have activated 2SV, if they did it'd become very expensive very quickly (unless they were to use WhatsApp which they now own to deliver the code).
When I logged in, the options were slightly different on the "security settings" page; below "Log in alerts" it said "Code generator", not "Login approvals". Within this feature I clicked on the option "Set up another way to get security codes" because I don't have the Facebook app on my phone. Then I used the Google Authenticator on my phone to capture the QR code and then typed the code it generated into the FB page to complete the process.
also read some more here –