How to improve Facebook account protection with Login Approvals

Privacy and security issues have generated a lot of criticism of Facebook in the past, some of which has been published here on the ESET Threat Blog. So it is only fair that we give Facebook credit for positive steps it has taken on the security front. One security measure that has impressed me recently is Login Approvals, a feature which improves your ability to protect your Facebook account from persons with less than honorable intentions.

When you activate Login Approvals and Login Notifications on your Facebook account, using the steps listed below, you are required to give a name to any device you use to access Facebook. This enables Facebook to notify you whenever a new device logs into your Facebook account, using an email like this:

In this case, I was setting up Facebook access on my new Kindle Fire tablet. As you can see, I was doing this in San Diego on New Year’s Day. Note that Facebook provides a link to click if you do not recognize the device as one you have approved. The approval of a new device requires a one-time security code that Facebook sends to your mobile phone as a text message. Here’s what that looked like on my iPhone (yes, that’s my dog in the background).

To register the Kindle Fire as an approved device on my Facebook account I had to enter the code from the SMS message when prompted to do so by Facebook on the Kindle.

In computer security we call this technique “out of band authentication” because credentials are supplied through a different communication channel or band from the system to which you are authenticating. While out of band authentication is not impossible to defeat, it adds a significant hurdle to someone trying to compromise your account.
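The server side of the flow described above, written as an added Python example (it is not Facebook's code and not from the original article). The class and method names, the 6-digit code, the 5-minute lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed value)

class LoginApprovals:
    """Hypothetical model of one account's approved devices and pending codes."""

    def __init__(self, send_sms, notify, clock=time.time):
        self.send_sms = send_sms   # out-of-band channel to the registered phone
        self.notify = notify       # login notification channel (email or SMS)
        self.clock = clock
        self.approved = {}         # device_id -> device name
        self.pending = {}          # device_id -> [code_hash, expires, tries_left]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def login(self, device_id, password_ok):
        """Run after the password check; returns the next step for this device."""
        if not password_ok:
            return "denied"
        if device_id in self.approved:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, never random.random()
        self.pending[device_id] = [self._digest(code), self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(code)        # the code never travels over the login session
        return "code_required"

    def approve(self, device_id, code, device_name):
        """Check the code typed on the new device; register the device on success."""
        entry = self.pending.get(device_id)
        if entry is None:
            return False
        code_hash, expires, tries_left = entry
        if self.clock() > expires or tries_left <= 0:
            del self.pending[device_id]            # expired or guessed too often
            return False
        if not hmac.compare_digest(code_hash, self._digest(code)):
            entry[2] -= 1                          # count the wrong guess
            return False
        del self.pending[device_id]                # single use
        self.approved[device_id] = device_name
        self.notify(f"New device approved: {device_name}")
        return True
```

The expiry, the attempt counter and the single-use deletion are what keep a 6-digit code from being guessed or replayed by someone who already has the password.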

Suppose I had received the email above but did not recognize the device name and/or location. I would then be able to investigate what was happening and take steps to protect my account (you can choose to get notifications via email or SMS or both).

Setting up Login Approval on Facebook is relatively straightforward once you know it is there. The only prerequisite is that you have a mobile phone registered to your Facebook account (something you can do in your Account Settings). The following diagram shows you the steps required to activate Login Approvals. After activation you will be prompted to approve each of your devices the next time you use them to access Facebook. You should also make sure that the Login Notifications setting is enabled.

Author Stephen Cobb, ESET

  • Scott

    What a relevant article in today's world with so many on Facebook.  This read needs to be splattered all over Facebook and Twitter.  Doing that now.  Very easy to read and understand.
    Great job!  Have an awesome day!

  • thehellu

    Note that if you do not give your phone number to Facebook, you do not need to enter any code to approve a device, but you still receive the mail telling you that a new device has logged in, which still allows checking third-party accesses to your account.

  • thehellu

    …which in fact would be called login notifications. You can discard both comments :)

  • Jan

    If your friend knows your Facebook password he/she can't access it, because he/she doesn't have your mobile phone.

  • Leila Gibbons

    How can you change your device name?

    • David Harley

      Leila, we can’t really offer FB support here: however, if anyone has recognized devices registered with FB, maybe they can help. I don’t, I’m afraid.

  • john singh

    in my account there is no option for enabling login approvals…
    pls help me

    • David Harley

      I can’t be sure that your pages look like mine, but if you can see a down arrow in the right-hand corner, click on it, select account settings, select security settings, and then login approvals. However, please note that we can’t promise in-depth answers to questions on products and services that aren’t ESET’s.

Copyright © 2017 ESET, All Rights Reserved.