How to set up TOTP for Facebook

The following support page on the Facebook community website highlights many cases of users whose accounts have been hacked. In one instance, the hacker enabled 2FA on their own phone, so the user was then unable to access their account again. This shows how powerful 2FA is and how necessary it is for keeping your account secure from malicious hacks. Still, despite this risk, many users don't have 2FA enabled, which is the most common cause of malicious hacks.

As if this were not enough risk, Facebook is often used as a Social Login button to access other websites, so a hacker could not only get into your Facebook account but, from there, into pretty much any other account that accepts a social login via Facebook. That's a lot of potential damage! To avoid this, Facebook offers 2FA support, allowing its users to protect themselves against account takeover attacks.

Let's secure your Facebook account.

1. Locating the 2FA settings in Facebook

1.1 - To begin the process of securing your Facebook account, log into your account and go to the top right, where you will see a blue drop-down arrow.

Click this arrow to display several additional options, and then navigate to ‘Settings and Privacy’.

1.2 - Once you are in Settings and Privacy, you will be presented with another navigation menu. Click Settings.

2. Enabling Facebook's 2FA

2.1 - This will bring you to the main settings of Facebook. On the left-hand side of your screen you will see a navigation menu. Below General you will see Security and Login. Click this menu.

2.2 - Within the login tab you will see a section called Use two-factor authentication. On the far right, click the Edit button to begin securing your account!

2.3 - A window will now pop up that says Help Protect your account. This will show multiple options to secure your account. For this guide we will be choosing an Authentication App. To do so, click the blue button that says ‘Use Authentication App’.

2.4 - Facebook will then ask for your account password to activate 2FA.

2.5 - Once you have entered your password, Facebook will display a QR code to scan for setting up the 2FA on your mobile device.

2.6 - Go to the Authenly app and tap the QR scan icon on the home screen, or access it via the menu. Scanning the Facebook QR code installs the 2FA on your mobile device, so that you can now secure your Facebook account with Authenly.

Now go back to Facebook and enter the code to validate your account.

2.7 - Note that unlike most applications, Facebook does not require you to log into your account very often, and keeps a very long-lived cookie in your browser to avoid repeated logins. For this reason, the 2FA code will not be requested very often either, which is a bit of a shame... Facebook states that they will request a code if they detect a login attempt from an unrecognized device or browser. Once you have read this, click Done.

3. Your Facebook is secured

3.1 - That's it! Your Facebook account is now secured with Authenly. You are safe from malicious attacks that reuse your username and password, and from a potential loss of your Facebook account or of any sensitive information that may be stored on it. Maybe more importantly, you have just blocked any unauthorised social login via Facebook into any other website for which you have set up an account. And even where you have not set up an account, you are now protected from hackers setting one up for you and usurping your identity!

As you have experienced, installing 2FA protection for a specific vendor account on your mobile device is quite a simple task. We have built a list of 2FA installation guides for most major web applications, so that you can safely and quickly add an additional layer of security to your online account, and thereby also to your online identity.

4. Backup

Bear in mind that it is very important to keep a safe backup of your 2FA. Authenly uses a unique, un-hackable offline secret to back up your 2FA-TOTP. This is a lot more secure than writing your 8 or 12 backup passcodes on paper or in a file accessible on your computer and/or in the cloud. It is also a lot more secure than letting your 2FA authentication app provider do the backup for you in their cloud (when they get hacked - not if... - your 2FA protection is rendered totally useless). Therefore, just make sure that you back up your 2FA-TOTP with Authenly as an offline secret, and rest assured that you will not suffer any account lock-out and that you can restore this 2FA at any time onto any mobile device with your Authenly identity.

Need to understand and set up TOTP?

This short animated video will give you a good understanding of what a Timed One-Time Password (or TOTP) is.

