The best way to secure your Facebook account is to enable two-factor authentication (2FA), formerly known as login approvals. Once enabled, you will need a login or verification code every time you want to log into your Facebook account from a new device. This feature will protect your account from hackers, even if your password is weak.
Facebook can deliver the login code to your mobile phone number. Alternatively, you can use an authentication app or Facebook’s own Code Generator app on your phone or tablet to “manually” generate a code. If you set up all supported 2FA methods, you’ll be able to log into Facebook, even when you’re offline or can’t receive text messages.
Let us show you how to set up two-factor authentication and Code Generator on your mobile device. We’ve illustrated these steps on Android, but they should work just the same on an iPhone.
What Are Facebook Login Codes?
Facebook uses login or confirmation codes, also known as two-factor authentication, as an additional layer of security. 2FA will make it harder for someone to hack your Facebook account. If someone tries to log into your account from a device that you haven’t previously authorized, they will need both your password and a login code.
Moreover, when someone attempts to log into your account from another computer—and if you don’t use an authentication app—you will receive an indirect notification of this login attempt in form of a text message containing a security code.
That said, you can also enable login alerts and have them sent to your email address, Facebook, or Messenger account. In your Facebook mobile app, tap the hamburger menu, expand Settings & Privacy, select Settings > Security and Login > Get alerts about unrecognized logins, and enable your preferred login alerts. We highly recommend enabling email notifications.
(Click the screenshots to view them at full-size so you can follow the steps.)
How to Set Up Two-Factor Authentication
Facebook’s two-factor authentication requires a mobile phone number or an authentication app. If you’d like to use a phone number for two-factor authentication, note that you can no longer use that same number to reset your password.
How to Add a Phone Number to Facebook
You can add a phone number while setting up two-factor authentication. If you’d like to make sure that you have a current phone number on record or add a second one before you start the process, here’s how to do it:
- Tap the hamburger menu in the Facebook mobile app
- Expand Settings & Privacy
- Navigate to Settings > Personal Information > Phone Number
You can add as many numbers as you like, and we highly recommend that you add at least two. Note that adding a number will automatically enable text notifications to the last-added number, something you might want to disable.
How to Enable Two-Factor Authentication on Facebook
To enable two-factor authentication, navigate to Settings > Security and Login > Use two-factor authentication, choose whether you want to use an Authentication App or Text Message (SMS), and follow the on-screen instructions to set up your choice.
2FA via Text Message (SMS)
When you tap this option, all you have to do is select the phone number you’d like Facebook to use. As mentioned above, you can also add a new phone number while setting up two-factor authentication.
After you finalize the setup, you can always go back and change the phone number. Each time you do that, you’ll have to enter a confirmation code sent to the new phone number.
2FA via Authentication App
When you choose to use a third-party authentication app, you can scan a QR code, set it up on the same device, or manually enter a code into the desired authentication app.
We went with the third-party app and it was all done in a matter of seconds. Note that when you return to Facebook, you’ll have to enter a confirmation code from the app to finalize the setup.
Always Set Up Backup Facebook Recovery Methods
After you’ve turned on two-factor authentication, be sure to keep your phone number(s) up to date and always have an authorized device as a backup to log in or change your settings. Most importantly, however, set up the following backup security methods:
- A phone number that can receive recovery codes via text message. This can be the same number you’ve already added, but you’ll have to confirm it as a backup method.
- An additional authentication app; on a separate device for example.
- Recovery codes that you can digitally or manually copy and store in a save place.
All of these methods are available under Settings > Security and Login > Use two-factor authentication. You can also go back to update or disable any of these methods.
How to Set Up Code Generator
While you can set up and access most features described above from Facebook in your browser, Code Generator is a feature exclusive to the Facebook mobile app. If you had the app installed all along, Code Generator should be available already.
When you first log into the Facebook mobile app and have already set up two-factor authentication, you will need a security code to complete your login. Inside the Facebook app, open the hamburger menu, scroll to the bottom, tap Code Generator, and Activate it. That’s it.
The next time you want to access Facebook on a new device and cannot receive a text message—for example, if you don’t have a signal or you switched SIM cards—you can use Code Generator instead. Simply open your Facebook app, tap the hamburger menu in the top-right, scroll down, tap Code Generator, and long-tap the code to copy it to your device’s clipboard.
Should you ever lose access to Facebook Code Generator (for example, if your phone was stolen), you can log into Facebook from a recognized device, log out on your phone, and remove Code Generator. Until you get your phone back, you can also set up a third-party app to generate codes.
Keep Your Facebook Account Secure
Once you have straightened out your personal information, security settings, and backup recovery methods, you should never struggle to recover your Facebook account login. If you want to verify that you’ve sufficiently protected your Facebook account, try out Facebook’s Privacy Checkup tool and see if you can make any other improvements to keep your account secure.
If you’re concerned that your account was compromised, here’s how you can see who accessed your Facebook account (or which devices) and kick them out if needed.
Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.