Beefing Up Facebook Security: How To Set Up Two-Step Verification

One way to make it harder for bad guys to access your online accounts is to require more than a username and password to access an account.

Google uses a two-step verification process tied to account credentials and your mobile phone. So does Facebook.

And as Alex Howard points out, security has always been important but events are conspiring to suggest just how important.

Learn how to set up two-step verification on your Facebook account. It is important for anyone, and the higher your public profile, the more important it is.

This means journalists, professors engaged in public scholarship (especially when controversial), celebrities (authors, musicians, actors, directors, models, athletes ….), politicians (of all stripes, elected or candidate), political appointees, judges and high profile lawyers … anyone who manages a Facebook page for someone else …  the list goes on.

Setting up two-step verification on Facebook

Facebook calls the system, introduced in 2011, login-approvals. First, Facebook maintains a list of your approved devices/browsers. Second, when anyone tries to access your Facebook account from a new device or browser, they’ll be prompted to enter a code that has been sent via text to your cellphone.

Here’s how to set it up.

1. Log in to Facebook. To access account settings, click on the gear in the upper right-hand corner of your browser; then select “Account Settings”.

2. Select “Security” from the left navigation bar.

3. Activate “Login Approvals” by ticking that check box.

This means that when you try to access your Facebook account from a computer or phone for the first time, you will be prompted to enter a code sent to you via text. If someone is maliciously trying to access your account, they will be unable to do so (unless they have your cellphone).

4. The approved browser/device list.

When you access Facebook using this process, Facebook adds the device/browser to a list of approved (recognized) devices. No additional security code is required when you access your account from a device on this list. This means that anyone who uses a known browser/computer combination to access your Facebook account will be able to do so if he knows your login credentials (username and password).

Facebook prompts you to name the browser; this makes it easier to de-authorize a specific device. I’ve chosen to lead with the computer name (MBP = my MacBookPro laptop) and follow with the browser.

5. Tell Facebook the kind of phone you have and your phone number. Then authorize your phone.

In order to send you the confirmation text, Facebook needs to know the kind of phone you have and your phone number. The system cannot (or will not) send texts to a GoogleVoice number, for example.

6. Set up your phone to receive the texts. (You must have the Facebook app installed on your phone to complete this step.)

Facebook is confirming that you have access to the phone/phone number that you are associating with the system. Any typos in the number are caught here.

The Facebook app generates a code on your phone that you will then type into the field in your browser.

What if I don’t have a texting plan?

You can use the Facebook account center to generate a security code to use in the absence of a cellphone.

7. Approvals complete.

You can postpone implementation for a week.

Other Security Features

  • Turn on secure browsing (https) by default
  • Turn on notifications when your account is accessed from a computer or mobile device for the first time. I have mine sent to email; this can serve as a reminder of when you accessed your Facebook account from a new computer. If it’s a one-off, this is a reminder to log in to “Active Sessions” and end that session (activity). However, if you want the next attempt to access your Facebook account from that device to trigger the two-step verification, you will also need to delete the device from the Recognized Devices list.
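
To make the recognized-device behavior from step 4 and the Active Sessions note concrete, here is a small Python model added as an illustration. It is not Facebook's code; the class, method and device names and the sample password are assumptions made for the example.

```python
import hmac
import secrets


class LoginApprovalsModel:
    """Toy model of the flow described above (not Facebook's implementation)."""

    def __init__(self, password):
        self.password = password
        self.recognized = {}   # device_id -> name the user gave the browser
        self.sessions = set()  # device_ids with an active session
        self.texted = {}       # device_id -> one-time code "sent by text"

    def login(self, device_id, password, code=None, name=None):
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return "denied"
        if device_id not in self.recognized:
            expected = self.texted.pop(device_id, None)  # codes are single-use
            if not (code and expected and
                    hmac.compare_digest(code.encode(), expected.encode())):
                self.texted[device_id] = f"{secrets.randbelow(10**6):06d}"
                return "code_required"
            self.recognized[device_id] = name or device_id
        self.sessions.add(device_id)
        return "ok"

    def end_session(self, device_id):
        self.sessions.discard(device_id)      # "Active Sessions": end activity

    def remove_device(self, device_id):
        self.sessions.discard(device_id)
        self.recognized.pop(device_id, None)  # drop from "Recognized Devices"


def demo():
    acct = LoginApprovalsModel("correct horse")  # constructed sample password
    out = []
    out.append(acct.login("library-pc", "correct horse"))   # new device
    code = acct.texted["library-pc"]                        # owner reads the text
    out.append(acct.login("library-pc", "correct horse", code, "Library - Firefox"))
    out.append(acct.login("unknown-pc", "correct horse"))   # no phone, no code
    acct.end_session("library-pc")
    out.append(acct.login("library-pc", "correct horse"))   # still recognized
    acct.remove_device("library-pc")
    out.append(acct.login("library-pc", "correct horse"))   # code needed again
    return out


if __name__ == "__main__":
    print(demo())
```

The fourth result is the one to notice: ending the session alone leaves the one-off computer recognized, so the password by itself is enough there until the device is also removed from the list.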

Conclusion

Securing online accounts should be a priority for all of us, but especially for people who have public personas or who manage accounts for others. Take 10 minutes now; save a lot of grief later.

4 thoughts on “Beefing Up Facebook Security: How To Set Up Two-Step Verification”

  1. […] 3) Drop Facebook. If you don’t drop Facebook, then for Facebook’s latest privacy tools (as of 21 Dec. 2012) Gizmodo provides this privacy guide: http://gizmodo.com/5970373/facebooks-new-privacy-settings-are-here-this-is-what-you-need-to-do-right-now. and this article provides a way to make it harder for unauthorized people to hijack your Facebook account – http://wiredpen.com/2013/02/02/beefing-up-facebook-security-how-to-set-up-two-step-verification/ […]

  2. Sourav Bhattacharya

    July 5, 2013 at 8:30pm

    In my account it’s not showing Login approvals. What shall I do?

  3. Ruth

    February 10, 2013 at 10:42am

    Hey. This is great advice but …. checking the “require security code” box does not give me the delivery options your example shows. It gives me only a popup box with no other choices than a phone.
