I’ve been talking to this person on the net. I don’t have Facebook. But suddenly a Facebook code has come to me via SMS, and this person is asking for me to send the code to them. If I do does this mean they can access all my data and wife and friends Facebook?
Never share secret codes with anyone. This is possibly the easiest question I’ve ever received, actually. But let’s dig into it a bit more because if you’ve made an online friend, it’s entirely possible that they aren’t who you think they are. The fancy word for that is catfishing, though it’s typically used to refer to a potential romantic interest who’s just scamming you. Still, there are criminals all over the Internet so it’s not a leap to figure that some identity thief is playing a similar game.
Based on your question, I conclude that this person knows a fair bit about you, including your smartphone number and your email address. If you have a trivial password like your wife’s name then they might even have tried to hack into your Facebook account. Don’t have one? Maybe you did 7 years ago and have forgotten about it? Or they’re setting up an entirely new one with your email address, their password, and a two-factor authentication to prove that it’s you. How’s that last part done? By sending you a secret code from Facebook that you share with them and they type in. No!
More likely, however, is that at some point you set up that same “send me a secret code so I’m more secure than just using a password that can be guessed” feature on Facebook. This third party user tried to log in to your account, successfully hacked or guessed your password [note: see how to create secure passwords] and then had Facebook blithely send your phone that secret code. You have no idea what’s going on, but they text you and have some goofy story about why you need to send them the code ASAP before it expires.
Fortunately instead of falling for it, you actually asked me if it was legit, and obviously it is not.
Whether it’s Facebook, eBay, PayPal or any of the other services that support two-factor authentication, you should never, ever share that code with anyone else. Even if it’s your wife asking, I would triple verify it’s really her not someone who stole her phone, for example, or is spoofing her number to trick you.
Here’s more from Facebook on these security codes and how you can set it up to get alerts if anyone ever does try to log in to your Facebook account: “Two-factor authentication is a security feature that helps protect your Facebook account in addition to your password. If you set up two-factor authentication, you’ll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a computer or mobile device we don’t recognize. You can also get alerts when someone tries logging in from a computer we don’t recognize.”
Be careful out there! An ounce of skepticism goes a long way in the digital world.
