If You’re Not Using 2FA on Facebook, You’re Asking for Trouble; a setup guide

Published by Dan on

Why should you secure your Facebook account with two-factor authentication?

Because you don’t want to have to post this: 

The image shows a social media post (appears to be Facebook) dated January 29. The post content reads "Do not accept any friend requests from me......so annoying!" Below the post are standard interaction options including "Like," "Comment," and "Send" buttons. At the bottom is a comment field that says "Comment as Dan Christ" with emoji reaction options to the right.
Not the post anybody wants to send.

I’ve used Facebook since Jan. 19, 2008. More than 17 years of my memories and messages are sitting on Meta’s servers, and it could all be erased or exploited if a hacker takes control of my account.

That’s likely not going to happen because I set up two-factor authentication, or 2FA, on Facebook years ago. While it doesn’t guarantee security, using 2FA on all accounts which permit it is the smartest way to protect your online information today.

It’s not just about my pictures, right? It’s about my reputation, the safety of the people I’m connected with, not to mention the time I would need to waste working with Meta’s notoriously slow-to-respond customer service if hacked.

So What?

According to insights from a NordVPN 2021 U.S. online survey, as seen on Statista, 37% of people who used social media had at least one of their profiles hacked.

Statistic: Social media platforms on which hacking occurred according to users in the United States as of April 2021 | Statista

More than three-quarters of the hacked accounts were Facebook accounts.

Still not convinced?

Go to Facebook. In the search box, type “do not accept,” and look at the recent time stamps of the posts which appear.

You can avoid sending that post of pique by enabling 2FA on Facebook.

What is 2FA?

Two-factor authentication – 2FA – provides an added layer of security beyond a password.

The image shows the torso and partial upper body of a person wearing a light blue button-up shirt with rolled-up sleeves. They are wearing navy blue suspenders with brown leather details attached to navy blue dress pants. A brown leather belt is visible at the waist. The photo is cropped at the upper chest, not showing the person's full face, and has a professional, fashion-forward styling. The image has a watermark reading "Meta AI" in the bottom right corner, indicating it was likely generated by AI.
Meta AI. Prompt: Generate a simple and uncluttered image of an American man wearing simple attire featuring both suspenders and a belt.

This is a visual depiction of 2FA. In the image, a guy wears both suspenders – a strong password – and a belt, or two-factor authentication.

With 2FA in place, if a hacker cracks your account password, akin to popping a suspender clasp, your information and your dignity are still safe. 2FA protects your information even if a password is compromised.

Let’s Get Started

You need a couple things to begin setting up 2FA:

  • A Facebook account: more than 75% of us have one
  • Your account password: refer to this post if you’re still writing down passwords
  • An authentication method: text message, app, or key
  • Five minutes

Don’t Have A Strong Password?

If you have used your Facebook password on any other personal or professional account, change it now.

  1. In the mobile app, select “Menu” in the bottom right corner.
  2. On the next screen, in the top right corner, select the gear.
  3. On the “Settings & privacy” page, in the search box at the top of the page, type in “password.” Select “Password and security.”
  4. On the “Password and security” page, select “Change password” and follow the prompts.
  5. When offered the chance to enter a new password, have your password manager provide a strong one.

No password manager?

Please use one! Here’s why

And if you’re not sure how to get started, I can help you with that.

Set Up 2FA 

Facebook gives you three options for 2FA: receive a text message, use an authenticator app, or use a security key. I recommend using an authenticator app because security keys are not free, plus you probably need two of them, and text messages can be spoofed or hacked in a SIM swap.

When you use an authenticator app, it generates a six-digit code which changes every 30 seconds. The codes are generated on your device and never sent to you over a network, so a hacker can’t intercept them. You type the code into the site or app to gain access after entering your password.

Bitwarden is my “go to” tool for 2FA. I’ve recommended its password manager before, and the same military-grade encryption works well for authentication tokens. 

Your 2FA codes live alongside account login details in Bitwarden. They’re easy to find and, on many websites, easy to paste into a dialog box.

To set up 2FA, I usually use two devices: one which is signed into Facebook, and a second one signed into Bitwarden. I used a laptop and a smartphone for these examples.

On the laptop, in Facebook, navigate to the Password and security section in Account settings. Click on Two-factor authentication to begin.

In this video, I walk you through how to set up 2FA on Facebook.

If you only have a smartphone at hand, you can still set up 2FA. If you want to see a video of that, or would like me to help you set up 2FA on your Facebook account, please let me know.

Once 2FA is set up, and you’ve synced your vaults between your two devices – hint: close your browser and re-open it if you have the Bitwarden browser extension installed – it’s time to test it. Log out of Facebook, then log in using your password and 2FA.

When prompted for the six-digit code, use Bitwarden, or your authenticator app of choice, to grab the codes and type them into the dialog box.

The process will look something like this.

Put on Your Belt and Suspenders

Yes, this can feel like a lot: an authentication app, six-digit codes that expire in 30 seconds, and an extra step when you just want to see pictures of the grandkids. 

In fact, it is a lot.

If it’s too much, simply set up 2FA using the text message option. Some added security will be better than no added security, especially considering less than half of social media accounts were protected by 2FA as recently as 2021.

Don’t get hacked. Protect yourself today.

