Facebook Security: Using Login Approvals to keep bad guys out of your account

UPDATE (November 28, 2012): Added a link to recent post on Facebook Login Notifications.

If you want to stay in touch with your Facebook Friends throughout the day, sometimes you have to access your Facebook account using computers or mobile devices that you do not own. You may be a student and use the school’s computers. If you work in an office environment, your office computer might be the one you use. These devices can have malicious software that might capture your Facebook account username and password. Once an attacker, spammer, or malevolent person gets a hold of your Facebook account, they can make your life difficult by sending dangerous links or unsolicited commercial messages (spam) to your friends. Others may cause havoc for you personally by changing your status or profile, taunting and annoying your Facebook Friends, or sending obscene or hateful messages to other people. Since these message appear to come from you, you will have the burden of resolving the problems caused. It is better to protect your account from unauthorized access and avoid the unpleasant aftermath from losing control of your account.

Facebook provides two security tools that allow you to control access to your account from various devices. Login Approvals are used when your Facebook account logs in from a different computer or device. A security code is sent to you via text message. Login Notifications, which I covered in “Facebook Security: Use Login Notifications to Watch for Unauthorized Access“, inform you when your Facebook account is used to login from a new, unrecognized device. Using these tools together, you can control your account access and to be informed when a new device is used to access it.

Login Approvals work by sending you a text message to your registered mobile phone when you log into your Facebook account from a different computer or mobile device or from a different web browser. After your Facebook username and password are entered, Facebook sends you to a page where you are asked to enter your security code. Simultaneously, a text message is sent to your mobile phone. The text message contains a six-digit security code that you must enter on the web page. Once the security code is entered correctly, you will asked to create a name for the device. This allows you to assign a unique name that you can remember later when you review the devices you have previously approved. After that, you can use Facebook normally with the new computer or device. Someone with your Facebook account username and password will not be able to get your unique security code sent to your mobile phone, so they will not be able to access your Facebook account.

Enabling Login Approvals

Setting up your Facebook Account to use the Login Approval system requires that you register your mobile phone with Facebook. To register your mobile phone, check out my article “Facebook Security: Register Your Mobile Phone to Use Advanced Security Features“. Once you have that configured, you can receive codes from Facebook when you need to log into a computer that you do not own.

  1. Click on the “triangle” drop-down menu in the upper right portion of the Facebook page.
  2. Select “Account Settings”. A new page will open.
  3. On the upper left portion of the Facebook page you will see a tab called “Security” with a gold badge icon next to it. Click on it.
  4. A list of security settings are presented. Look for “Login Approvals” and click on it.
  5. Enable Login Approvals by selecting the checkbox. A window will open that describes Login Approvals and how it works. Click on the “Set Up Now” button to proceed.
  6. Facebook will send a text message to your mobile phone with a six-digit code. A window will open and ask you to enter the code you received. Enter the code and click “Submit”.
  7. Facebook will then ask you to name the computer you are using. This is your chance to choose a useful name that you can recognize later in a list of known devices. Choose a name for your computer, like “Home Computer” or “Work Laptop”, and click “Next”.
  8. Login Approvals are now enabled. A new window will open with some additional details and security warnings. These are important, so please read the information provided. Click “Next”.
  9. Another window will open and ask you to configure the Code Generator. I’ll cover the Code Generator in an upcoming article. For now, click “Not Now”.
Facebook Account Settings showing that Login Approvals are configured.

Logging into Facebook with Login Approvals

When you have Login Approvals configured, you will be asked to enter a code each time you log into your Facebook account from a computer or device you have not used previously. In Facebook terms, this is an “unrecognized” computer or device. When you use a different device, Facebook wants to make sure that it really is you. To do this, the code is sent to your mobile phone, which is the one piece of equipment that you are likely to have with you at all times.

Facebook Login requesting a Security Code

When you log into Facebook, enter your username and password as usual. If they are correct, you will receive a text message on your phone from Facebook. Enter that code on the “Enter Security Code” web page. Once you enter the correct code, you will be ask to choose a name for the device. Choose a unique name that will allow you to remember the device you are using.

If someone has been trying to log into your Facebook account but has not entered the correct code, Facebook will ask you to review those entries. This is your opportunity to see if your account is being targeted. In some cases, it might be you. You may have made a mistake will logging into your account. Review these attempts carefully though. It may mean that someone has your account password. While they didn’t get into your account, it might be a good time to change your password, just in case.

Login Approval Considerations

Using the Facebook extra security features like Login Approvals for controlling access to your account can reduce the chances that someone can take over your Facebook account, but there are some things to remember when using these tools:

  1. When you log into the Facebook mobile application, you will see a message indicating that a text message has been sent to your registered cell phone. Click “OK” and you will return to the login screen again. (You can exit the mobile application to retrieve the security code and then launch the mobile application again.) Enter the security code from the text message into the “Password” field. If entered correctly, you will be able to access Facebook through the mobile application. If you have Login Notifications enabled, you will also receive an email notifying you that your account was accessed on a mobile device.
  2. Facebook uses cookies to aid in recognizing computers and devices. If your web browsing is configured to delete cookies every time you quit the web browser software, then Facebook will attempt to approve your device every time you log into Facebook. You can either configure the web browser to not delete cookies when exiting or approve the device every time.
  3. Private browsing is a web browser mode that does not save cookies, your browsing, and other privacy related information. Accessing Facebook using a private browsing mode will require you to approve your device every time you log into Facebook. You can either avoid using private browsing or approve the device every time.
  4. If you lose your cell phone, you cannot receive the security code to log into your Facebook account from new devices. If this happens, you need to log into your Facebook account from a previously approved device, disable Login Approvals, and remove your cell phone from Facebook.
  5. If you delete your registered cell phone from Facebook, Login Approvals will be disabled automatically. An email will be sent indicating that it was turned off. You cannot use Login Approvals without a cell phone to receive the security code.
  6. You may need to create Facebook App Passwords for applications that cannot use Login Approvals. I will cover those in an upcoming article.


Check our guide: Own Your Space, “A Guide to Facebook Security

Facebook Extra Security Features

, ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: