By WIRED
Meta changed how two-factor authentication works for Facebook and Instagram last year. You might have received notifications about this, but it was easy to miss in the platform’s sea of red alerts. OK, so what’s different? “Any devices you’ve frequently used Facebook on in the past two years will be automatically trusted,” reads Meta’s updated settings page. Your smartphone and laptop may not need a 2FA code to log in, unless you go into your settings and opt out.
Over time, Meta has made multiple tweaks to how it deploys 2FA. In 2018, it started to allow 2FA codes generated by third-party apps. A few years later, the company began requiring more vulnerable accounts to activate 2FA protection. The company faces a tricky balance between making it easy to log in to your account and protecting users from losing control of their online identities.
Enabling 2FA is a basic way to improve the security of any online profile, since it adds an extra layer of difficulty for hackers trying to break into your account. “The role two-factor plays is, basically, to assume that at some point your password is going to be known by someone else,” said Casey Ellis, founder and chief strategy officer at Bugcrowd, a crowdsourced security company that has previously collaborated with Facebook. “You don’t have control over when or how that happens.” For users, this fallback measure is often as easy as copying and pasting a quick code from within a smartphone app, like Google Authenticator.
Anyone with a social media account on Facebook or Instagram needs to go ahead and turn on two-factor authentication in their privacy settings. No shame if you haven’t, but do it right now by logging in to your Account Center, clicking Password and security, then Two-factor authentication.
Now that you’ve got it all set up, here’s what was changed with Meta’s 2FA process: It’s no longer activated anywhere you often used Facebook or Instagram in the past two years, from previous-generation smartphones to hand-me-down laptops.
What’s the reasoning for this adjustment? “As part of our continuous work to balance account security and accessibility, we’re letting people know that we’ll be treating the devices they frequently use to log in to Facebook as trusted,” said Erin McPike, a Meta spokesperson.
Discussion about this post