Facebook is improving its two-factor authentication feature by introducing two new functionalities. The two-factor authentication tool essentially facilitates additional layers of security for online accounts. In its regular incarnation, it connects accounts to a mobile device and sends time-based one-time passwords (TOTP) for additional authentication. With the new 2FA feature update, Facebook has made it easier to enable two-factor authentication by creating a streamlined setup flow that guides users through the process. It also gives users more options in which they can secure their account with a second factor - an authenticator app - thus ensuring that even users without a phone number can enable two-factor authentication.
Two-factor authentication is considered a gold standard of security for many reasons. Even if someone were to guess your password or it got leaked as part of a hack, no one can log in to your account without physical access to your second factor device. In the case of Facebook, it previously required you to submit your phone number to receive a six-digit code on your associated phone via text message. However, now, when you sign up for two-factor authentication, Facebook will walk you through the process explaining how it works and offer you the option of using an authentication app such as Google Authenticator or Duo Mobile to generate login codes, rather than just the option of a text message.
Scott Dickens, Product Manager at Facebook, says "Two-factor authentication is an industry best practice for providing additional account security. We continue to encourage enabling two-factor authentication to add an extra layer of protection to their Facebook account."
In order to enable two-factor authentication, log in to your Facebook account and go to the Settings menu and click on the Security and Login tab. Further, select the option to enable two-factor authentication, then follow the setup to complete the process.
While the two-factor authentication is a vital part of protecting online accounts that adds a second layer of security, a report earlier this year said that over 90 percent of active Gmail accounts don't use the feature.
Though the security feature does provide meaningful protection, it has its limits. Recently, Facebook users had reported that they were receiving SMS notifications from the social media website after signing up for the two-factor authentication security feature. However, Facebook had responded to the issue saying that it was a bug, and that such notifications were not meant to be sent.