I really like how Google has a new 2-step login process [see Enable Google 2-Step Account Verification] and am wondering if Facebook has something similar, where my account and password are insufficient for someone to log in to my account?
There’s no question, poorly-thought-out passwords and account security systems are a problem for everyone. Even a fairly daft hacker can download a wifi sniffer and grab account and password pairs off the airwaves in a cafe or other public place. Indeed, I believe that the current era of login + password pairs is going to fade away, replaced by better and more robust identity verification systems.
My personal favorite is biometrics — I have a Windows laptop that I log in to by swiping my index finger across a sensor, for example — but that’s hard to deploy widely.
What we do all seem to have, however, are cellphones, and therein lies the secret to 2-step verification systems (or what Facebook calls “login approvals”): you need your password and access to your previously registered mobile device, which is sent a unique one-time numeric code that you also enter to demonstrate you’re you. Google has an even slicker system with a one-time number pad application that generates six-digit codes based on the time, date and your account credentials. As I write this, for example, “Authenticator” is showing me 857832.
Facebook was a bit late on the bandwagon, but they too now have a similar system and I strongly encourage everyone to sign up for it and add the additional layer of security to your Facebook account. Called login approvals it requires the additional numeric code only when you try to log in to your account from a computer that Facebook’s never seen you use before. This is optimal if you think about it because your work and home machines? They’re well known and it doesn’t get in the way. Someone grabs your password information at a local Starbucks, however, and when they try to log in it fails. Better, you then get a text message associated with an unknown login attempt and can take corrective action (like changing your password).
Sound smart? Yeah, it is. So let me show you how to enable it!
Log in to your Facebook account, then choose “Account Settings” from the “Account” menu on the top right:
On the Account Settings page, scroll down until you find the section called “Account Security”:
As you can see, the option you want is labeled “Login Approvals”, though I’ll make a slight sidetrack here and highlight that the first is also smart to set up and quite possibly the second too. Take a close look at both: it’s easier to keep things tightly battened down than to close the barn door after the mixed metaphor cows escape.
Choose “Require me to enter a security code sent to my phone” and it’ll pop up a window that explains what you’re enabling and confirm you really want to do it. You do. Here’s what you’ll see:
Okay, that’s fair. Click on “Next” to proceed…
Now enter your cellphone number, and remember that you’re responsible for any text message charges, not Facebook, but if you don’t use lots and lots of different computers, you’ll rarely if ever see these messages anyway. Click “Continue”.
On your cellphone — I have an Apple iPhone 4 — you’ll very quickly receive a text message from Facebook that’ll look like this:
Meanwhile, on your computer screen, it’ll have switched to a window that requests you enter that verification code:
Enter the verification code — it’ll look like “pxd7tr” or similar — and click on “Continue”. For future reference, it’ll ask you to assign a name to the computer you’re currently on:
I suggest something mnemonic like “MacBook @ Work” or “Vaio” or similar. Enter your choice then click “Continue” one last time…
That’s all there is to enabling 2-step sms-based account verification in Facebook. Now, stop reading and go do it! Someday you’ll thank me.