Beefing Up Facebook Security: How To Set Up Two-Step Verification

One way to make it harder for bad guys to access your online accounts is to require more than a username and password to access an account.

Google uses a two-step verification process tied to account credentials and your mobile phone. So does Facebook.

And as Alex Howard points out, security has always been important but events are conspiring to suggest just how important.

Learn how to set up two-step verification on your Facebook account. Important for anyone, the higher your public profile, the more important.

This means journalists, professors engaged in public scholarship (especially when controversial), celebrities (authors, musicians, actors, directors, models, athletes ….), politicians (of all stripes, elected or candidate), political appointees, judges and high profile lawyers … anyone who manages a Facebook page for someone else …  the list goes on.

Setting up two-step verification on Facebook

Facebook calls the system, introduced in 2011, login-approvals. First, Facebook maintains a list of your approved devices/browsers. Second, when anyone tries to access your Facebook account from a new device or browser, they’ll be prompted to enter a code that has been sent via text to your cellphone.

Here’s how to set it up.

1. Login to Facebook. To access account settings, click on the gear in the upper right hand corner of your browser; then select “Account Settings”.

2. Select “Security” from the left navigation bar.

3. Activate “Login Approvals” by ticking that check box.

This means that when you try to access your Facebook account from a computer or phone for the first time, you will be prompted to enter a code sent to you via text. If someone is maliciously trying to access your account, they will be unable to do so (unless they have your cellphone).

4. The approved browser/device list.

When you access Facebook using this process, Facebook adds the device/browser to a list of approved (recognized) devices. No additional security code required when accessing your account from this list. This means that anyone who uses a known browser/computer combination to access your Facebook account will be able to do so if he knows your login credentials (username and password).

Facebook prompts you to name the browser; this makes it easier to de-authorize a specific device. I’ve chosen to lead with the computer name (MBP = my MacBookPro laptop) and follow with the browser.

5. Tell Facebook the kind of phone you have and your phone number. Then authorize your phone.

In order to send you the confirmation text, Facebook needs to know the kind of phone you have and your phone number. The system cannot (or will not) send texts to a GoogleVoice number, for example.

6. Set up your phone to receive the texts. (You must have the Facebook app installed on your phone to complete this step.)

Facebook is confirming that you have access to the phone/phone number that you are associating with the system. Typos caught here.

The Facebook app generates a code on your phone that you will then type into the field in your browser.

What if I don’t have a texting plan?

You can use the Facebook account center to generate a security code to use in the absence of a cellphone.

7. Approvals complete.

You can postpone implementation for a week.

Other Security Features

• Turn on secure browsing (https) by default
  
  
• Turn on notifications when your account is accessed from a computer or mobile device for the first time. I have mine sent to email; this can serve as a reminder of when you accessed your Facebook account from a new computer. If it’s a one-off, this is a reminder to login to “Active Sessions” and end that session (activity).However, if you want the next attempt to access your Facebook account from that device to trigger the two-step verification, you will need to also delete the device from the Recognized Devices list.
  

Conclusion

Securing online accounts should be a priority for all of us, but especially for people who have public personas or who manage accounts for others. Take 10 minutes now; save a lot of grief later.