Facebook has finally introduced two-factor authentication (2FA) for users who are not willing to share their phone numbers. Instead of giving away such highly sensitive personal details, users can now try out Facebook’s 2FA via authenticator apps, which supply the second authentication factor.
More about Two-Factor Authentication
Also known as 2FA or 2-step verification, it is a technology that has been around for quite some time. Patented in 1984, 2FA provides identification of users based on the combination of two different components. During the last few years, 2FA has been regarded as a secure way of user identification.
The change was announced by Facebook’s product manager Scott Dickens:
We previously required a phone number in order to set up two-factor authentication, to help prevent account lock-outs. Now that we have redesigned the feature to make the process easier to use third-party authentication apps like Google Authenticator and Duo Security on both desktop and mobile, we are no longer making the phone number mandatory.
Interestingly, NIST (National Institute of Standards and Technology) does not recommend the use of SMS-based 2FA, as this method has proven vulnerable to malicious attacks.
Furthermore, in 2016, researchers were able to prove that 2FA is not as secure as previously thought. Various types of social engineering can easily trick the user into confirming their authentication codes. How could this be done? According to Nasir Memon, Computer Science professor at Tandon School of Engineering, the crook would simply need to ask the user for the official verification code.
How? By sending a second, falsified text message or email asking the user to forward the original one. Prof. Memon has seen this happen multiple times. This type of 2FA is mostly used across the Internet to verify the identity of a user who has lost their password. Such codes are usually embedded in an email hyperlink.
Facebook hasn’t reported the number of users who have already enabled 2FA via SMS (the type now regarded as potentially dangerous).
How to Enable Facebook Two-Factor Authentication App
Users need to go to Settings > Security and Login, and press the Edit button next to the Use two-factor authentication option. Then the instructions should be followed after the Get Started button is pressed.
Then, users should choose the 2FA via Authentication App option, which can be set up by scanning the offered QR code. Once this is done, users should confirm the setup by entering the confirmation code provided by the app. Users are also granted the option of allowing logins without a code for 1 week.
Once 2FA is configured, Facebook will ask for the login code any time users log in on a phone or computer which is not recognized by the service.