It's easier than you think for someone to steal your password
Any of these common actions could put you at risk of having your password stolen:
Using the same password on more than one site
Downloading software from the Internet
Clicking on links in email messages
2-Step Verification can help keep bad guys out, even if they have your password.
Why you need it
Imagine losing access to your account and everything in it
When a bad guy steals your password, they could lock you out of your account, and then do some of the following:
Go through – or even delete – all of your emails, contacts, photos, etc.
Pretend to be you and send unwanted or harmful emails to your contacts
Use your account to reset the passwords for your other accounts (banking, shopping, etc.)
How it works
Signing in to your account will work a little differently
You’ll enter your password
Whenever you sign in to Google, you’ll enter your password as usual.
You’ll be asked for something else
Then, a code will be sent to your phone via text, voice call, or our mobile app. Or, if you have a Security Key, you can insert it into your computer’s USB port.
How it works
Keep sign-in simple
During sign-in, you can choose not to use 2-Step Verification again on that particular computer. From then on, that computer will only ask for your password when you sign in.
You’ll still be covered, because when you or anyone else tries to sign in to your account from another computer, 2-Step Verification will be required.
How it Protects
An extra layer of security
Most people only have one layer – their password – to protect their account. With 2-Step Verification, if a bad guy hacks through your password layer, he’ll still need your phone or Security Key to get into your account.
Sign in will require something you know and something you have
With 2-Step Verification, you’ll protect your account with something you know (your password) and something you have (your phone or Security Key).
Verification codes made just for you
Codes are uniquely crafted for your account when you need them. If you choose to use verification codes, they will be sent to your phone via text, voice call, or our mobile app. Each code can only be used once.
Two-factor authentication is a security feature that helps protect your Facebook account in addition to your password. If you set up two-factor authentication, you’ll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile device that we don’t recognise. You can also get alerts when someone tries logging in from a browser or mobile device that we don’t recognise.
If you haven’t saved the browser or mobile device that you’re using, you’ll be asked to do so when you turn on two-factor authentication. This way, you won’t have to enter a security code when you log in again. Don’t click Save this browser if you’re using a public computer that other people can access (e.g. a library computer).
We need to be able to remember your computer and browser information so that we can recognise it the next time you log in. Some browser features block this. If you’ve turned on private browsing or set up your browser to clear your history every time it closes, you might have to enter a code every time you log in. Learn more.
To set up text message (SMS) two-factor authentication, you can either use a mobile number that’s already been added to your account or add a new number. Learn more about how Facebook uses a mobile number added for two-factor authentication.