Dave Taylor

Increasing Facebook Security with an SMS Password

You’re probably really into Facebook and you definitely don’t want to lose access to your account, but if you’re set up like most people, the only security you have stopping others from accessing your account is your password.  But what happens if someone guesses that password, installs a key logger, watches you slowly type your password in or sees you write it down?

If they can log in, you can be shut out and you won’t know that’s happened until you go to check your facebook status and can’t log in. Try to recover your password and it gets worse: the hacker has entered a new email address for your account and they get the password reset messages, not you. Yikes.

Fortunately, I’m going to show you a really neat feature Facebook makes available where it sends a text message to your cellphone with a constantly-changing numeric code that has to be entered as part of the login process. Why is that helpful? Because without also having your cellphone available, people can’t log in to your account even if they’ve stolen or guessed your password. The result? Better account security.

STEP ONE: HOOK A MOBILE NUMBER UP TO YOUR ACCOUNT

To get started, log in to your Facebook account then go to Account –> Account Settings and clicking on “Mobile” on the left side. You’ll see this:

facebook mobile settings

Click on “Add a Phone”, the green button in the middle of the window, and it’ll ask what carrier or mobile service provider you have:

 

facebook texts step 1

 

I use AT&T for my iPhone, so that’s what I specify here. Click on “Next” and it’ll tell me to switch to my smartphone and send a text message to Facebook with the letter “F”.

facebook texts step 2

You can see here that I’ve already entered the confirmation code into the window above. On my iPhone the back and forth text messages look like this:

facebook confirmation code

Once I’ve entered that code back on the Facebook settings window, I click “Next” and I’m halfway, the mobile number is hooked up and associated with my account.

STEP TWO: ENABLE SMS TWO-STEP AUTHENTICATION

Now that the mobile device is tied in to your Facebook account, the other step is to set up the verification capability. That’s a bit more tricky, but take it step by step and we’ll get to the end together!

On the left side of the Account Settings area, click on “Security”, and you’ll see the many security settings you can adjust or tweak for your Facebook account:

facebook security settings

Facebook calls this two-step SMS verification “Login Approvals”. You can see it above, it’s the third entry. Click on “Edit” adjacent and you’ll see the options:

facebook login approvals

That’s what we want. Click on the checkbox adjacent to “Require me to enter a security code sent to my phone” and it’ll warn you that this is a big step and ask if you really want to do this:

facebook_setup_login_approvals

That’s what you want. Click on “Set Up Now” and continue…

facebook enter security code

Again, I’m kind of taking two steps at once. The above window shows up, then here’s what shows up on my iPhone:

facebook sms code

If you look at the previous screen capture, you’ll see that I’ve already entered 836947 into the window. A click on “Submit Code” and it’ll congratulate me!

facebook setup finished

See? You thought I was kidding about the congratulations part, didn’t you?

Now that’s all set up, let’s log out of Facebook and try to log in again to see what’s changed. After entering my account and password pair, as usual, I now see this:

facebook enter security code

That’s very cool because meanwhile, on my cellphone, here’s what’s showed up:

facebook login code

I enter the numeric code (which changes each time you use it, btw) and I’ll be asked to name the system I’m logging in from for my own recordkeeping:

facebook name new computer

Finally, a click on “Okay” and I’m logged in as usual to Facebook. Done.

———————-

Dave Taylor writes the popular Ask Dave Taylor tech support blog and has been fiddling with computers and gadgets for more years than he’s willing to admit. You have questions? He’s happy to hear from you on his site or you can join his fan club at facebook.com/askdavetaylor

Editor Note: Intel has sponsored this video series.

19 Responses to Increasing Facebook Security with an SMS Password

  1. Rickey says:

    I think this is good that we can now set up a password with an SMS password for our facbook account to give the needed extra security. I wish Twitter would step up to the plate to offer the same security measures.

  2. edbergjun says:

    a very nice tutorial but it is outdated, “log in approvals” menu is now gone and replaced with “App password”, better to enable “log in notifications” instead, Facebook will send you an email and text message that someone has logged in your Facebook account if that setting was enabled.

  3. Joooo says:

    No, this is a terrible idea. I have used this for 6 months It worked good untill 2 days ago. I have not recieved a SMS from facebook with the security code in. I can not sign in to my facebook account. I have done some research about this now and facebook does not help me in any way at all. Many people has suffered from this problem and it’s not able to fix it. What should I doooooo? :(

    • roxana says:

      yes like me,what should i do,i have my password and after log in fb said to me Enter Security Code to Continue,i never received code :( i cant connect to fb

      • roxana says:

        I am using the sms security code for over a year now and was working perfectly.

        Suddenly three weeks ago I cleared my browser’s cookies and then Facebook required the sms security code before login so as to recognize the machine. Unfortunately since then I am not taking any sms at all and I cannot access my account. It is very painful for me because I run Facebook adverts and I cannot manage them at all.

        I contacted facebook team plenty of times without any rensponce and I contacted my mobile service provider and there is no problem from their side. I also take calls and messages from people from around the world without problems.

        Is there any solution to that?

  4. Claire says:

    I got a text with the security code, but did not request it. Does that mean someone is trying to hack my FB account?

  5. Heather says:

    I have this set up but I don’t have email notifications set up. However a couple of times I have been shown as logged on from an Android phone at silly o clock in the morning and in an area that is miles away from where I live.

    1) I know that on these paticular occasions I hve received the SMS text but not attempted to login myself as I have been asleep
    2) I don’t have an android phone. Infact my phone doesn’t have any application settings at all as it’s really old
    c) My account is being accessed in this particular area I have received a text but not been accessed by me.

    So, am I still being hacked? is it possible to be hacked still with this added security in place?

    I have changed my username, email address and telephone number that link up to my account but I am still being ‘hacked’ I have changed my password so many times.

    It does tell me the next day that an unrecognised device tried to access my account (which wasn’t me) but my account still shows as been accessed.

    The area I am supposedly logging in from is the area where my ex now lives and the times in the morning are the times he normally finishes work – is it possible he has managed to over-ride the security?

  6. Panagiotis says:

    Hello,

    I am using the sms security code for over a year now and was working perfectly.

    Suddenly three weeks ago I cleared my browser’s cookies and then Facebook required the sms security code before login so as to recognize the machine. Unfortunately since then I am not taking any sms at all and I cannot access my account. It is very painful for me because I run Facebook adverts and I cannot manage them at all.

    I contacted facebook team plenty of times without any rensponce and I contacted my mobile service provider and there is no problem from their side. I also take calls and messages from people from around the world without problems.

    Is there any solution to that?

    • Panagiotis says:

      Finally after almost three weeks of waiting I got a reply from Facebook. They needed a Government ID to verify that the account belongs to me and after I gave them a copy of the ID everything started working again.

      Regarding the Government ID I have to say these two opinions:

      1. This is actually the only way for Facebook to avoid frauds and scams. You probably know that scammers do fake Facebook accounts and pretend to be someone else. In this way Facebook validates accounts against this kind of frauds.

      2. Giving such information over internet frightens people. Especially now that we are all used to companies saying “If you receive any email asking for your personal details do not reply because we will never ask you for such details…”. Facebook actually is doing the opposite now on this area.

  7. Annhta says:

    i havent got any access to my fb account because first of all, accidentally i remove phone listened and also i have changed phone number. The worst thing about it, is when i put my password he shows me that i havent got any phone number listened and i dont have any space and the box i used to have to put the verification number. The only thing that i can do is to contact users of operator team. Many times i send them the issue im facing but i didnt get any replies back. Please if you could help me i really appreciate it ! Thanks.

  8. Beth says:

    I have not received my login code for a while now so I’ve been unable to access my account. I’ve changed my password to FB account still no luck, how do I resolve this, any one with any info, I’ll appreciate pls ;(

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>