The best way to secure your Facebook account is to enable two-factor authentication (2FA), formerly known as login approvals. Once enabled, you will need a login or verification code every time you want to log into your Facebook account from a new device. This feature will protect your account from hackers, even if your password is weak.

Facebook can deliver the login code to your mobile phone number. Alternatively, you can use an authentication app or Facebook's own Code Generator app on your phone or tablet to "manually" generate a code. If you set up all supported 2FA methods, you'll be able to log into Facebook, even when you're offline or can't receive text messages.

Let us show you how to set up two-factor authentication and Code Generator on your mobile device. We've illustrated these steps on Android, but they should work just the same on an iPhone.

What Are Facebook Login Codes?

Facebook uses login or confirmation codes, also known as two-factor authentication, as an additional layer of security. 2FA will make it harder for someone to hack your Facebook account. If someone tries to log into your account from a device that you haven't previously authorized, they will need both your password and a login code.

Enter Your Login Code window as shown on the desktop version of Facebook.

Moreover, when someone attempts to log into your account from another computer—and if you don't use an authentication app—you will receive an indirect notification of this login attempt in the form of a text message containing a security code.

That said, you can also enable login alerts and have them sent to your email address, Facebook, or Messenger account. In your Facebook mobile app, tap the hamburger menu, expand Settings & Privacy, select Settings > Password and Security > Get alerts about unrecognized logins, and enable your preferred login alerts. We highly recommend enabling email notifications.

How to Set Up Two-Factor Authentication

Facebook's two-factor authentication requires a mobile phone number or an authentication app. If you'd like to use a phone number for two-factor authentication, note that you can no longer use that same number to reset your password.

How to Add a Phone Number to Facebook

You can add a phone number while setting up two-factor authentication. If you'd like to make sure that you have a current phone number on record or add a second one before you start the process, here's how to do it:

  1. Tap the hamburger menu in the Facebook mobile app
  2. Expand Settings & Privacy
  3. Navigate to Settings > Personal and Account Information > Contact Info

You can add as many numbers as you like, and we highly recommend that you add at least two. Note that adding a number will automatically enable text notifications to the last-added number, something you might want to disable.

How to Enable Two-Factor Authentication on Facebook

To enable two-factor authentication, navigate to Settings > Password and Security > Use two-factor authentication, choose whether you want to use an Authentication App, Text Message (SMS), or Security key and follow the on-screen instructions to set up your choice.

2FA via Text Message (SMS)

When you tap this option, all you have to do is select the phone number you'd like Facebook to use. As mentioned above, you can also add a new phone number while setting up two-factor authentication.

After you finalize the setup, you can always go back and change the phone number. Each time you do that, you'll have to enter a confirmation code sent to the new phone number.

2FA via Authentication App

When you choose to use a third-party authentication app, you can scan a QR code, set it up on the same device, or manually enter a code into the desired authentication app.

We went with the third-party app, and it was all done in a matter of seconds. Note that when you return to Facebook, you'll have to enter a confirmation code from the app to finalize the setup.

Always Set Up Backup Facebook Recovery Methods

After you've turned on two-factor authentication, be sure to keep your phone number(s) up to date and always have an authorized device as a backup to log in or change your settings. Most importantly, however, set up the following backup security methods:

  1. A phone number that can receive recovery codes via text message. This can be the same number you've already added, but you'll have to confirm it as a backup method.
  2. An additional authentication app; on a separate device, for example.
  3. Recovery codes that you can digitally or manually copy and store in a save place.

All of these methods are available under Settings > Password and Security > Use two-factor authentication. You can also go back to update or disable any of these methods.

How to Set Up Code Generator

While you can set up and access most features described above from Facebook in your browser, Code Generator is a feature exclusive to the Facebook mobile app. If you had the app installed all along, Code Generator should be available already.

When you first log into the Facebook mobile app and have already set up two-factor authentication, you will need a security code to complete your login. Inside the Facebook app, open the hamburger menu, head to Settings > Password and Security > Code Generator, and Activate it. That's it.

The next time you want to access Facebook on a new device and cannot receive a text message, for example, if you don't have a signal or switched SIM cards, you can use Code Generator instead. Simply open your Facebook app, head to the Code Generator, and long-tap the code to copy it to your device's clipboard.

Should you ever lose access to Facebook Code Generator (for example, if your phone was stolen), you can log into Facebook from a recognized device, log out on your phone, and remove Code Generator. Until you get your phone back, you can also set up a third-party app to generate codes.

Keep Your Facebook Account Secure

Once you have straightened out your personal information, security settings, and backup recovery methods, you should never struggle to recover your Facebook account login. If you want to verify that you've sufficiently protected your Facebook account, try Facebook's Privacy Checkup tool and see if you can make any other improvements to keep your account secure.

If you're ever concerned that your account is compromised, check whether anyone accessed your Facebook account and from where. You can also log them out of your account straight from the Facebook interface.