Do try this at home! If you haven’t taken
advantage of the extra protection that two-factor authentication offers, now is
a great time to do so. And you don’t even need to hand over your phone number.
Facebook has eliminated the need for users to
register a phone number in order to set up two-factor authentication (2FA) in a move intended to get
more users to add in another layer of security, according to a press release by Facebook’s product manager Scott Dickens.
To authenticate logins, the social network
now enables users to employ a third-party app such as Google Authenticator or
Duo Security on both desktop and mobile. The company has also revamped its 2FA
feature with a “streamlined setup flow that guides you through the process”.
“Two-factor authentication is an industry
best practice for providing additional account security and we just made it
easier to set up,” wrote Dickens.
Text messages are the most common second
factor although, due to the vulnerability of text messages to a number of
threats, security professionals have been advising against using SMS for verification for a long
time. Facebook has been offering SMS-based 2FA for a while now and will
continue to do so, but using other means such as a hardware device or an
authenticator app is generally viewed as safer.
There is no word on how many Facebook users
actually use 2FA. On Google accounts, for example, the data are rather grim, as
fewer than one in ten Google account holders utilize 2FA.
What to do?
To enable two-factor authentication on your
Facebook profile, navigate to “Settings”, then to “Security and Login”, and
then to the “Use two-factor authentication” section, where you can choose and
set up your 2FA method of choice. While you’re at it, you may also want to
peruse your other privacy and security settings.
Many online services, including the biggest
players, nowadays offer at least one of the 2FA methods. The availability of
2FA on various online services can be checked on this site.
While not a cure-all, the extra
authentication factor offers a valuable additional layer of protection in
exchange for very little effort. It is safe to say that 2FA would have
prevented countless account break-ins over the years had the legitimate account
holders turned it on.
That said, it should not detract from the
importance of having a strong and unique password or, even better, passphrase.