One of Facebook’s most important and effective security features aimed at preventing unauthorised access to your account is the Login Approvals feature.
There are many ways your Facebook password could be compromised. You could fall for a phishing scam. You could have key-sniffing malware on your computer or use a shared computer with key-sniffing malware already installed. Or there is always the possibility that a data leak at Facebook (or another company where you use the same password) occurs. Or someone could simply see you type it in.
Login approvals are Facebook’s answer to compromised passwords. It’s a type of 2-Step Authentication, or 2SA, which essentially means having an extra layer of security on your Facebook account. In this case, it means needing to know two different codes to access your Facebook account… your usual login password (of course) and an additional PIN code.
Now, before the prospect of having to enter two pieces of information to access your Facebook account puts you off, the additional second PIN code only needs to be entered if you’re accessing Facebook from an unknown device (a device you haven’t previously used.) If you’re logging in from – for example – your home computer or smartphone, only the standard password is needed (unless you set your browser to remember your login details, in which case you’re logged in automatically as normal.)
Login approvals are particularly effective because if your password does get compromised, no one can access your account without the additional PIN code. When entering the password, an additional PIN code is needed which is sent straight to the phone belonging to the owner of the account, you.
Yes, this does mean having to give Facebook your phone number, which many may be wary of, and we certainly understand given Facebook’s checkered history with their user’s personal information. But for what it’s worth, Facebook are very clear that they don’t give your number to anyone, nor do they use it to send you any unsolicited messages. From what we’ve seen, they’re good to their word in this case.
And it’s worth mentioning again that for all your devices that you use to login into Facebook, these are remembered, meaning you don’t need that extra PIN each time you login from them. It’s only used for unknown devices.
We strongly recommend enabling Login Approvals, which are under the Security section in your main Settings page. So many sophisticated scams are out there in the wild that can obtain your passwords, meaning simply having a single layer of security (the username and password) may no longer be sufficient to effectively protecting your account. For all those important online accounts, we strongly recommend enabling any available 2-Step Authentication solution to help protect your online security.
For our full article on locking down your Facebook account, click here.