Facebook Mandates Two-Factor Authentication for High-Risk Accounts

Facebook Mandates Two-Factor Authentication for High-Risk Users

Facebook, now operating as a subsidiary of Meta, has announced that it will require two-factor authentication (2FA) for accounts deemed at high risk of being targeted by malicious actors.

Expanding Facebook Protect

This decision represents a significant expansion of Facebook Protect, the platform’s advanced security program. The program is designed to safeguard the accounts of individuals particularly vulnerable to attack, such as journalists, human rights advocates, and government personnel.

Facebook Protect simplifies the adoption of robust security measures, including 2FA. It also provides enhanced security monitoring for both accounts and Pages, actively identifying potential hacking attempts.

Program History and Global Reach

Initially launched as a pilot program in 2018, Facebook Protect was broadened before the 2020 U.S. election. This expansion aimed to mitigate abuse and prevent interference with the electoral process on the platform.

Currently, over 1.5 million accounts are enrolled in Facebook Protect. The company intends to extend its availability to more than 50 countries by the year's end, including the U.S., India, and Portugal, with further expansion planned for 2022.

Increased 2FA Adoption

Of the 1.5 million accounts utilizing Facebook Protect, approximately 950,000 have already enabled 2FA. Facebook notes that this security feature has historically seen limited adoption across the internet.

The company is now prioritizing universal 2FA usage among high-risk accounts, making it a compulsory security measure.

Account Access and Enforcement

Users identified as high-risk will be required to activate 2FA within a specified timeframe. Failure to do so will result in temporary account inaccessibility.

Facebook assures users that access will not be permanently revoked, but 2FA enablement will be necessary to regain entry to their accounts.

Rationale Behind the Change

“2FA is a fundamental element of any user’s online security, and we aim to make its implementation as straightforward as possible,” stated Nathaniel Gleicher, Head of Security Policy at Facebook.

“To encourage broader 2FA enrollment, we must move beyond simply raising awareness or offering suggestions. This community comprises individuals central to public discourse and are frequently targeted; therefore, enabling 2FA is crucial for their protection.”

Early testing of mandatory Facebook Protect demonstrated that over 90% of high-risk users enrolled in 2FA.

Phased Rollout and Considerations

To balance security enhancements with potential disruptions – such as preventing legitimate voices from being locked out – 2FA will initially be enforced in regions where Facebook has sufficient resources for a smooth transition, like the Philippines and Turkey.

The company will also prioritize areas with upcoming elections, recognizing their importance as civic moments.

Future Plans for 2FA

While less than 4% of Facebook’s global monthly active users currently lack 2FA, the company has “no plans” to mandate the feature for all accounts at this time.