Like any digital asset, Facebook accounts can be vulnerable to security threats, including unauthorized access. Two-factor authentication (2FA) was the earliest security measure that Facebook gave users to keep hackers from phishing them and taking over their accounts. With this feature, you enter a code in addition to your password.
But users later complained about receiving unwanted notifications or spam messages on their phones after activating 2FA. In 2018, Facebook said that a bug caused this problem and launched the code generator amid calls from security experts not to use 2FA. The code generator is designed to provide an added layer of protection by asking you to type a six-digit code, displayed on Facebook or your mobile device, when you log in from a new or different device. This feature helps ensure that not just anybody can get into your personal or business account, steal valuable information, change your settings, or even lock you out of your own account.
How to Boost Your Facebook Account Security With Code Generator:
Where is Facebook Code Generator?
To locate this security feature, go to your Facebook account, and click the hamburger icon or the symbol with three short horizontal lines. Scroll down until you see "Settings & Privacy," then choose the Settings tab to go to your account settings.
Select Password and Security to find the "Two-factor Authentication" option.
You'll only be able to find and use the Code Generator once you've enabled the two-level verification on your Facebook app. When activating the 2FA, Facebook gives you three options for receiving the code: through an authentication app (Duo Mobile or Google Authenticator), a text message, or through a security key (via USB or lightning port). After you pick the app for receiving your code, "Code Generator" with a key icon will appear under the Two-Factor Authentication menu.
How Does it Work?
Once you enable 2FA and the Code Generator, you can access Facebook from any device other than the phone, desktop PC, or mobile device that you normally use to get into your account.
When you try to log into Facebook from a new device, the social channel will ask you to type the login code from your Code Generator.
To generate the code, use your phone to enter Facebook. Go to your hamburger icon and tap "Settings & Privacy," and then choose Settings. From here, look for Code Generator under the Two-Factor Authentication menu and select it to activate the generator. A new window will then open with the Activate button, which you should click to produce the six-digit code. This set of numbers is what you type or copy in the blank field.
You can also apply the same process when you get a message from Facebook, saying that it has detected an attempt to access your account from a new device.
Possible Reasons for Not Getting a Code and Alternative Steps
You may not receive a code after tapping Facebook's Code Generator if:
- Your device isn't connected to the internet
- The number of the phone you're using isn't linked to your Facebook account
If you can't get a code from Facebook's Code Generator, click “Need another way to authenticate.”
You can then choose to receive the code in several ways:
- Another device (You may try a laptop, tablet, or desktop PC where you may have saved your Facebook password.)
- Phone text message
- Email (after clicking "Get More Help" and providing Facebook with your address and photo of government ID)
Authentication Apps You Can Use to Get A Login Code
As mentioned earlier, a third-party authentication app offers another way to log into your Facebook account. Remember that you can only use an authentication app if you have access to your Facebook account. If you're locked out of your account, you first need to recover it.
You can download any of these popular apps. Just like Facebook's Code Generator, these apps use time-based one-time password technology. They generate a six-digit code that typically works for 30 seconds before a new one is generated.
Google Authenticator is widely adopted across major websites. Like many authenticators, it works even without an internet connection. But it has no backup feature and can't sync to multiple devices.
Duo Mobile is suitable for corporate use as it can permit various users to perform account authentication. It is also less time-consuming as users can just tap and enter instead of typing or copy-pasting numbered codes.
Once you have a LastPass account, activate the multi-factor authentication for one-tap entry. A subscription can give you access to several devices.
You can store your Facebook password and get one-time passcodes through Microsoft Authenticator's password management system. Its multiple account feature makes it another recommended tool for work and school accounts.
Authy, which is available on mobile and desktop, offers encrypted cloud backup. It also supports multi-device synchronization. However, you need to supply your phone number to use the app.
andOTP is an open-source tool that's highly recommended for Android devices. It offers multiple backup options and compatibility with Google Authenticator.
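How a time-based one-time password is derived, and why the apps above work without an internet connection, shown as an added example that is not Facebook's or any listed app's code. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, six digits) and uses the published RFC test key as the secret; the verify function and its one-step drift window are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds each code stays valid
DIGITS = 6    # length of the code shown in the app

# Published RFC 4226/6238 test key (ASCII "12345678901234567890"), base32-encoded
# the way an enrolment QR code carries it. Never a real account secret.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Compute the code for a moment in time; needs only the secret and a clock."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // STEP)       # 30-second window number
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, used, window=1):
    """Hypothetical server check: allow +/- `window` steps of clock drift and
    reject any window number already in `used` (blocks replay of a seen code)."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP
        if t < 0 or t // STEP in used:
            continue
        if hmac.compare_digest(totp(secret_b32, t), submitted):
            used.add(t // STEP)
            return True
    return False


if __name__ == "__main__":
    seen = set()
    code = totp(RFC_TEST_SECRET, 59)
    print(code, verify(RFC_TEST_SECRET, code, 89, seen))   # accepted one step late
    print(verify(RFC_TEST_SECRET, code, 89, seen))         # replay rejected
```

Because the code depends only on the shared secret and the clock, a phone whose time is badly wrong will produce codes the server rejects even though nothing else has changed.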
Other Options If You Don't Have Your Phone or If You Lose It
When you have an emergency, and you need to access Facebook, but you don't have your phone with you, here's what you can do:
Use Recovery Codes.
This is a precautionary measure you need to take even before you lose your phone. You can find the recovery codes under Facebook's Two-Factor Authentication Option. When you click this feature, Facebook will generate 10 codes for one-time use. Note them down in a safe place. This way, you can refer to them in case you suddenly lose your phone or need to access your Facebook account while you don't have your phone with you.
Go to Facebook's Find Your Account Page.
Facebook can help you access your account by doing a search. Copy-paste this link on your browser—https://www.facebook.com/login/identify—and enter your email address or mobile number to launch the search.
When Facebook finds a match, it will ask you how you want to receive your password reset code.
The social media giant can also generate several search results if you only enter your name in the search field. Once you've found your profile picture on the results page, you can click the button beside it that says "This is My Account."
After you choose the way you'd like to get your code, enter the six digits in the empty field.
Facebook will then ask you to enter a new password and log out of other devices to prevent unapproved access to your account.
Frequently Asked Questions
How would I know if my Facebook account has been hacked?
Your account may have been hacked if:
- You find other devices listed under "Where You're Logged In" in the Settings>Security and Login that don't belong to you or you don't recognize.
- You see changes to your personal information on your account profile (such as current location or birthday)
- You spot activity on your account that you didn't initiate. One sign of a breach is the appearance of shares and posts on your timeline, showing activities you weren't engaged in. Your friends may also report getting strange messages from you or unusual activity on their timelines.
Another sign of a possible hacking attempt is receiving an email that says someone logged into your account or changed your password and it wasn't you.
- You notice friend requests sent to people you have no connection with.
- You discover messages on your Messenger that were sent to people you don't know.
What should I do if my account gets hacked?
If you think your account has been hacked:
- You can check whether your phone became a victim of a data breach by going to https://haveibeenpwned.com/.
- Do the following if you can still log in to your account:
- Go to Password and Security (from Settings and Privacy>Settings) and check the devices "Where you're logged in." Make sure you recognize the devices and the indicated date and time of log-ins to determine whether any of those weren't made by you. You can hit the "log out" button, which appears when you click the three dots beside any device you don't recognize as yours. Or you can scroll all the way down and tap "Log Out of All Sessions."
- Then go to Password and Security or Security and Login from Settings and Privacy. Tap "Change Password" and fill in the blank fields before hitting the “Update your password” button.
- Let Facebook run a security check through "Let's Secure Your Account." When this message or window appears, click "Get Started" and follow the instructions.
- If you can no longer log in:
- You may report the incident to Facebook by going to https://www.facebook.com/hacked and clicking the button “My Account is Compromised.” You'll then have to provide information, including the phone number or email address you linked with your Facebook account, the last password you used, and why you think your account is compromised.
- Another option is to follow the steps for using Facebook's "Find Your Account" page under this article’s “Other Options If You Don't Have Your Phone or If You Lose It” section so that you can reset your password. Another way to land on this page is to click "Forgot your password" in Facebook's homepage and follow the on-screen instructions.
- Inform your family members and friends about the hack and seek their help in recovering your account.
If you've set up your Trusted Contacts, you can request their help to re-enter Facebook. Click "Forgot account" on facebook.com's login page. Then key in your mobile number or email so Facebook can search for your account before hitting the Search button. If you no longer have access to any of the addresses or numbers listed, enter a new phone number or email address that you know you can access and click Continue. From here, "Reveal my trusted contacts" will appear.
Enter the full name of one of your trusted contacts and read the instructions that follow. You will receive a special link containing a recovery code your trusted contact can access. Send this link to any of your chosen friends so they can open it. Facebook will then generate a login code you can use—ask your friend to send you that code.
- Delete unknown apps.
Review the apps installed on your Facebook account and delete those you no longer use. You may have granted any of these apps access to some of your personal data in the past so it's best to disconnect from them.
How can I make my Facebook account more secure?
Besides activating 2FA, Facebook recommends taking these steps to protect your account from hackers:
- Make sure you update your email and phone information in your personal or business account settings, as this will aid in account recovery.
- If you manage a business account, regularly audit who has permission to log in.
- Activate login alerts and login approvals. Go to your Security Settings and tap "Get alerts about unrecognized logins" under "Setting Up Extra Security."
- Use a strong password, which you shouldn't save online or share with anyone. It should be hard to guess, so avoid using your birthday, phone number or email address. Don't use a password that you also use for other accounts, say for email or your bank account.
Security experts also recommend changing your password every three months.
- Log out of Facebook if the desktop PC where you log in is a unit that you share with others.
- Don't accept friend requests from people you don't know. Scammers usually create fake accounts to befriend others.
- Set up Trusted Contacts.
Under "Setting Up Extra Security" in your Password and Security settings, tap "Choose 3 to 5 friends to contact if you get locked out." Facebook may ask you to confirm your password before it lets you select your contacts. Once you’ve confirmed your password, you’ll have to type the names of at least three of your contacts. When Facebook generates their profile pictures, click on their names and click Confirm.
- Don’t click suspicious links.
- If you use Facebook for business, check for any unrecognized activities in Payment Settings and Ads Manager. Check your Marketplace account to see whether there are any listings there that you didn't create.
- Scan your device or browser for malicious software.