By default, anyone who has your username and password can log in to your Facebook account. But an awesome security measure called "login approvals" allows you to control exactly who signs into your account, by getting a numeric code from the Code Generator (mobile Facebook app), or by sending you a security code without which the person can't access your account! First, you'll need to add a cell phone to Facebook (one that supports SMS text messages), because that's how you'll retrieve or receive the security code needed. This tutorial shows you how to turn on login approvals, how the two-step sign-in process works when they are enabled (aka "two-step authentication"), and how to turn them off.
Note: another security feature you should know about is "Login Notifications", which are sent by email, text message, or both, whenever someone tries to log into your account from a non-trusted device (either a new device / web browser, or one that was never saved as a trusted device). Easily secure your account by enabling both login approvals and login notifications!
Quick Steps to turn on Login Approvals for your Facebook account:
Once logged into your account, click on the dropdown arrow (top right corner of the page), and select "Settings". On the next screen, go to the "Security" options on the left. And click on the Edit link next to Login Approvals.
Check the "Require a security code to access my account from unknown browsers" checkbox, and click "Get Started" when the wizard opens. The first screen basically tells you that you'll use Facebook's Code Generator to get the one-time security code needed to login to your account. If you don't have access to Code Generator, Facebook can send you an SMS text message instead (not to landlines, not to Google Voice). Click Continue.
What is the Facebook Code Generator? The Code Generator is a feature available in the official Facebook mobile app for iOS (iPhone, iPad, iPod touch) and Android (Samsung Galaxy phones, Nexus tablets, Kindle Fire HD, etc.). All it does is generate security codes that change all the time. When you cannot receive security codes by SMS text message, you'll use Code Generator to get your code for the two-step login process, after having entered your password.
Within seconds, you'll receive a six-digit security code sent to the mobile phone number you've added to your account - if you don't receive the code, double-check or change the primary cell phone number you've registered (in case you have multiple phones!) Enter it and click Continue:
If you entered the correct code, you'll now be looking at the "Login Approvals Setup is Complete" screen. Before moving on, Facebook gives you a choice, to make the transition easier: "For the first week, in case you don't have your phone, you can turn off Login Approvals without a security code". This gives you a chance to get accustomed to the new system, since once login approvals are enabled, you'll need your cell phone to access the Code Generator in the mobile app. The more secure approach is to check the "No thanks, require a code right away" checkbox, but make sure that you always have your phone with you in that scenario! Either way, click on the Close button when you are done:
Tip - if you are concerned that someone might have access to your Facebook account, you should change your password: during that process, you'll have the option to force a logout of anyone (app on mobile devices or web browsers). If you just forgot to sign out from a computer or device to which you don't have access, check your login history: it lets you remotely log out anyone currently logged in.
Your account's Settings screen now reflects the new options: make sure that the correct phone number is set up to receive these text notifications. If you click "Remove" next to Code Generator, you will only be able to answer login approvals by receiving a security code sent as SMS to your mobile phone; as things are, you have the option of using the mobile app's Code Generator:
Note: if you don't have it already installed on your cell phone or tablet, you can download the official mobile Facebook app (100% free) for iOS (iPhone, iPad, iPod touch, Apple Watch) and Android (Samsung Galaxy phones, Nexus tablets, Kindle Fire HD, etc.)
You can turn on login notifications straight from your cell phone or tablet, using the official Facebook app: to do so, tap on the menu button (three horizontal bars icon). On iPhone and iPod touch, it is in the lower right hand corner; on the iOS app for iPad, it's in the top left corner; and on Android devices (at least Amazon's Kindle Fire HD tablet), the menu button is in the top right corner of the screen. Next, scroll down and tap on Settings; finally, select "Security". Tap on the "Login Approvals On" checkbox to enable or disable the feature: (this affects your entire account, not just the mobile app!)
Sign in as you normally do, with your username (email address / cell phone number), and your password. Assuming you've entered everything correctly, you'll get an intermediate "Enter Security Code to Continue" screen. You now need to get your security code from the official mobile Facebook app: in it, tap on the menu button (its icon consists of three horizontal bars, and is located on one of the corners of the screen - depending on which platform and format (phone/tablet) you are using).
Then, scroll down until you see "Code Generator". Tap on it, and you'll get a screen that automatically generates a new six-digit security code every 30 seconds. Type it inside the text box, and click Continue. If you entered the correct code, you'll be redirected to your Facebook homepage; otherwise, look at the Code Generator, and re-enter the code:
Note: if you don't have the app installed on your cell phone or tablet, you can get your security code sent to your mobile phone as an SMS text message. To do that, click on the "Can't find your code?" link at the bottom of the form. Within seconds, you'll get that text - just enter the code Facebook sent you, and click "Continue". This process works just like hardware security dongles: based on a variety of factors, a code is generated on-the-fly, but is predictable by the server - PayPal offered a USB security dongle at one point. It's like having a "one-time password" generator on top of the regular authentication process: that's why it's called "two step" authentication.
Whenever someone tries to sign into your Facebook account - even if the login attempt failed - you will know about it: the next time you log in, here's a screen you will possibly run into: "Review Recent Login - Someone recently tried to log in to your account from an unrecognized computer or mobile browser. Because you enabled login approvals, your account is temporarily locked. Please complete the following steps to regain access to your account". This sounds a lot scarier than it actually is! Just click Continue, and you'll see a map with the approximate location of that login attempt, including the date, time, and browser used:
If you know that it was you, or someone authorized to access your account / page, click "This is Okay"; what happens when you click "I don't recognize" depends on Facebook: even if the person was not able to login to your account, do report that failed login - you might not realize it at the time, but it's possible that a lot of people in your area have had failed sign-in attempts made to their account. With that information, Facebook's security team can trace those back to the origin - some patron at a local coffee shop that provides a free Wi-Fi connection, for example.
If you want to turn off login approvals, follow the same steps: dropdown arrow button > Settings > Security.
Then, click on the Edit link next to Login Approvals.
Uncheck the "Require a security code to access my account from unknown browsers" checkbox, and click "Save Changes".