top of page

Facebook is making two-factor mandatory for high-risk accounts

Facebook said it will make two-factor authentication (2FA) mandatory for high-risk accounts likely to be targeted by malicious hackers.

According to TechCrunch, The move is part of a major expansion of Facebook Protect, the social networking giant’s enhanced security program that’s intended to protect the accounts of people who may be at particular risk, like human rights defenders, journalists and government officials.

The initiative helps these accounts adopt stronger security protections by simplifying security features — including 2FA — and providing additional security protections for accounts and Pages, including monitoring for potential hacking threats.

1.5 million accounts are enrolled in Facebook Protect. Almost 950,000 have 2FA enabled. Facebook says it wants this feature to be mandatory.

This means if a user identified by Facebook as high-risk does not enable 2FA once a set period has expired, they won’t be able to access their accounts. The company said users won’t permanently lose access to their accounts, but will need to enable 2FA in order to regain access.

“2FA is such a core component of any user’s online defense, so we want to make this as easy as possible,” said Nathaniel Gleicher, head of Security Policy at Facebook to TechCrunch.

She added, “To help widen enrollment of 2FA, we need to go beyond raising awareness or encouraging enrollment. This is a community of people that sit at very critical points in public debate and are highly targeted, so for their own protection, they probably should be enabling 2FA.”

Facebook says that while its own figures show that less than 4% of its global monthly active user base has not enrolled in 2FA, it currently has “no plans” to make the feature mandatory for all accounts.

bottom of page