Facebook Changes Two-Factor Authentication

Facebook Changes Two-Factor Authentication
Image: Facebook

Until now, in order to use two-factor authentication (2FA) with your Facebook account you needed to give Facebook your phone number. Which seemed a little dumb as, in order to improve your privacy, you needed to give the largest data collection service in the world more data. But that’s changed with a new 2FA system coming into play that lets you use third party authenticators.

Facebook now accepts apps like Duo Security and Google Authenticator to provide the second authentication factor. The company outlined the changes in a Facebook note. The review in how Facebook implemented 2FA was needed after some problems were detected in the old system resulting in double posting of updates and messages going to mobile phones even though that option was not selected and was in the process of being fully deprecated from Facebook’s systems.

The ability to use an alternative to Facebook’s 2FA is a welcome move for those who feel they need Facebook but want to ensure they don’t put all their trust eggs in one basket.

And I’m not being cynical about the timing. This annoucement comes as Mark Zuckerberg was facing a grilling about his company’s practices in the European Union – a hearing which has resulted in widespread criticism of his responses.

Following his appearance at a US Congress Hearing, Facebook made a number of announcements about service improvements. It seems his PR machine is following the same playbook, using announcements about service improvements to dilute any criticism about his testimony.


    • Yep, me too. I’ve been using Microsoft Authenticator as 2FA for Facebook for a number of years. I wonder what they’ve actually changed.

  • The article is a bit misleading. These are the changes, copy/pasted from the FB post:

    We’ve made it easier than ever to enable two-factor authentication with a streamlined setup flow that guides you through the process.
    We’ve also expanded the ways in which you can secure your account with a second factor by ensuring that people can enable two-factor authentication without registering a phone number.

Show more comments

Log in to comment on this story!