Login Alerts and Two-Factor Authentication
Managing Your Alerts and Authentication Methods
You can improve the security of your Facebook account by getting an alert when someone tries logging in from a device or web browser we don't recognize. These alerts will tell you which device tried logging in and where it's located.
To get alerts about unrecognized logins:
  1. Go to your Security and Login Settings.
  2. Scroll down to Get alerts about unrecognized logins and click Edit.
  3. Choose where you want to receive your alerts, such as from your email account or with a Facebook notification from a recognized device.
  4. Click Save Changes.
After you start getting alerts about unrecognized logins:
  • When you receive a login alert, you can tell us if you recognize the login activity by clicking or tapping This was me.
  • If you don't recognize the login activity, click or tap This wasn't me and we'll help you reset your password and secure your account.
  • You can save a device or browser to your list of trusted browsers or recognized devices. This way, you won't get alerts about the computer or mobile device you usually use to log into Facebook. Don't choose this option if you're using a public computer (such as one in a library or cafe).
  • A list of recent devices that have logged into your Facebook account can be found in your Security and Login Settings.
Was this information helpful?
If you're having trouble logging into your Facebook account, review these tips first.
Two-factor authentication is a security feature that helps protect your Facebook account in addition to your password. If you set up two-factor authentication, you'll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile device we don't recognize. You can also get alerts when someone tries logging in from a browser or mobile device we don't recognize.
To turn on or manage two-factor authentication:
  1. Go to your Security and Login Settings.
  2. Scroll down to Use two-factor authentication and click Edit.
  3. Choose the security method you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of two security methods:
You'll need to have at least one of these set up in order to use two-factor authentication. Once you have added either text message (SMS) codes or a third party authentication app on your account, you'll also be able to set up some of the optional methods below:
  • Approving your login attempt from a device we recognize.
  • Using one of your recovery codes.
  • Tapping your security key on a compatible device.
Other Useful Resources
  • If you haven't saved the browser or mobile device you're using, you'll be asked to do so when you turn on two-factor authentication. This way you won't have to enter a security code when you log in again. Don't click Save this browser if you're using a public computer that other people can access (example: a library computer).
  • We need to be able to remember your computer and browser information so we can recognize it the next time you log in. Some browser features block this. If you've turned on private browsing or set up your browser to clear your history every time it closes, you might have to enter a code every time you log in. Learn more.
  • To set up text message (SMS) two-factor authentication, you can either use a mobile number that’s already been added to your account or add a new number. Learn more about how Facebook uses a mobile number added for two-factor authentication.
Was this information helpful?
If you're having trouble logging into your Facebook account, review these tips first.
When you turn on two-factor authentication, you're asked to choose either text message (SMS) codes or a third-party authentication app as your primary security method. If you choose to use text message (SMS), you'll be sent a text message (SMS) with a special 6-digit security code each time someone tries logging into your Facebook account from a mobile device or browser we don't recognize.
Note: Please make sure you are viewing your personal profile before starting the steps below.
To turn on text message (SMS) codes for your mobile device:
  1. Go to your Security and Login Settings.
  2. Scroll down to Use two-factor authentication and click Edit.
  3. Click Use Text Message (SMS) when you're asked to select a security method and follow the on-screen instructions.
  4. Once you've turned on text message (SMS) codes, you should also set up a second security feature, such as trusted contacts or recovery codes. This helps to protect you in case your mobile phone is lost, stolen or hacked.
Other Useful Resources
  • Text message (SMS) security codes used for two-factor authentication are always 6 digits long.
  • To set up text message (SMS) two-factor authentication, you can either use a mobile number that’s already been added to your account or add a new number. Learn more about how Facebook uses a mobile number added for two-factor authentication.
  • If you're not receiving your text message (SMS) verification codes, you may have turned off text messages from Facebook. Learn how to turn text messages (SMS) back on.
  • If you want to turn off text message (SMS) codes and use a different security method for two-factor authentication instead, you'll need to have have a third-party authentication app turned on to do this.
  • You can disable text message (SMS) verification codes by clicking or tapping Turn Off next to the mobile phone number you want to stop using. If you don't have a third-party authentication app turned on, turning off your mobile phone number will also turn off two-factor authentication.
  • You can turn back on text message (SMS) codes for a mobile phone by clicking Use two-factor authentication > Text Message. Click on the mobile phone number you want to start using again and follow the on-screen instructions.
  • Learn more about managing two-factor authentication settings.
Note: Facebook doesn't charge you for using text messages (SMS) for two-factor authentication. However, your mobile provider's standard rates for sending and receiving messages still apply.
Was this information helpful?
Code Generator is a security feature for your Facebook app used with two-factor authentication. When you turn it on, your phone will generate a special security code that you can use to verify it's you when you log in from a new device or browser.
Code Generator works on your mobile device even if you don't have access to text messaging (SMS) or an Internet connection. You can also use it if you ever need to reset your password.
Other Useful Resources
  • Code Generator security codes used for two-factor authentication are always six digits long and expire after 30 or 60 seconds depending on the mobile device you're using.
  • If your security code isn't working, tap My code doesn't work on your mobile device to reset your Code Generator.
Was this information helpful?
If you're having trouble logging into your Facebook account, review these tips first.
If you've turned on two-factor authentication, there are several ways you can get your security code or approve your login attempt:
Was this information helpful?
You can only add a third-party authentication app or other two-factor authentication method if you already have access to your Facebook account. If you can't access your Facebook account, you can try recovering it.
When you turn on two-factor authentication, you're asked to choose either text message (SMS) codes or a third-party authentication app as your primary security method. A third-party authentication app (such as Google Authenticator or LastPass) can be used to generate login codes that help us confirm it's you when you log in from a new device for the first time.
To use a third-party authentication app for login codes:
  1. Install a third-party authentication app on your device. It's best to install the app on the device you normally use to access Facebook.
  2. Go to your Security and Login Settings.
  3. Scroll down to Use two-factor authentication and click Edit. You may be asked to re-enter your password at this point.
  4. Click Use Authentication App when you're asked to choose your security method.
  5. Follow the on-screen instructions.
Was this information helpful?
If you're looking for help with keeping your account secure, follow these tips.
Security keys are part of an extra security feature called two-factor authentication. In order to use two-factor authentication on Facebook, you'll first need to set up either text message (SMS) codes or a third-party authentication app on your account.
Once you have added either text message (SMS) codes or a third-party authentication app on your account, you'll also be able to set up a security key. If you own a Universal 2nd Factor (U2F) compatible security key (such as a special USB device with U2F support) and add it as an authentication method, you can use it when logging into your Facebook account from a computer or mobile device we don't recognize.
Using your security key is much like using a key to unlock a door. After entering your password, you can tap your physical security key instead of entering a security code. Keep in mind security keys only work with certain web browsers and mobile devices, so you'll also need to have another authentication method, such as a mobile phone or third-party authentication app.
Adding a Security Key
To add a security key, you'll need to be using the latest version of Chrome or Opera. Once you've done this:
  1. Go to your Security and Login Settings.
  2. Scroll down to Use two-factor authentication and click Edit. You may be asked to re-enter your Facebook password at this point.
  3. Go to Security Key and click Setup.
  4. Follow the on-screen instructions.
If you successfully added your security key, it will appear with the name you've given it in your Security Key section.
Using Your Security Key
If you have two-factor authentication turned on and added a security key, the next time you log into Facebook from Chrome or Opera on an unrecognized device you'll be asked to tap your security key.
If you don't have your security key or it isn't working, you can always click Use a different method to log in using one of your other authentication methods, such as a mobile phone or a third-party authentication app.
Other Useful Resources
  • Your security key can be used with other websites while also being used for your Facebook account.
  • If you're having trouble adding or using your security key, make sure that you have set up either text message (SMS) codes or a third-party authentication app first. If you have already set up one of those two security methods, try clearing your cache and temporary data. You can also try restarting your computer or mobile device.
  • If you're running Linux, you'll need to follow this additional step to use your security key.
  • Right now you can only use a security key to log into Facebook from a computer or a compatible mobile web browser.
Was this information helpful?
If you've turned on two-factor authentication, you can get 10 recovery login codes to use when you're unable to use your phone.
To get your codes:
  1. Click in the top right of Facebook.
  2. Select Settings & Privacy > Settings.
  3. Click Security and Login.
  4. Under the Two-Factor Authentication section, click Use two-factor authentication. You may need to re-enter your password.
  5. Next to Recovery Codes, click Setup then Get Codes. If you've already set up recovery codes, you can click Manage > Show Codes.
You can print or write down the 10 codes that appear. You'll only be able to use each code once. If you run out of codes or lose them, you can request new ones by clicking Get New Codes.
Was this information helpful?
Fix a Problem With Two-Factor Authentication
In order for you to use login alerts, we need to be able to remember your computer and web browser information so we can recognize it the next time you try logging in. If you're being asked to name a device you've already logged in from, here are a few things you can try.
  • Make sure your device is listed in your Authorized Logins in your security settings.
  • If you're using private browsing or incognito mode on your mobile device or your computer's web browser, Facebook may not be able to recognize your device the next time you log in. Try turning off private browsing or incognito mode when you use Facebook.
Was this information helpful?
You can manage where you’re logged into Facebook in Security and Login Settings. The Where You’re Logged In section lists where you’re currently logged in. Each entry includes a date, time, location and device type.
To log out of Facebook on another computer, phone or tablet:
  1. Go to your Security and Login Settings.
  2. Go to the section Where You're Logged In. You may have to click See More to see all of the sessions where you're logged in.
  3. Find the session you want to end. Click and then click Log Out.
Clicking Log Out will immediately log you out of Facebook on that device.
Was this information helpful?
If you have two-factor authentication turned on, you'll be asked to review recent logins anytime someone tries to log into your account and doesn't provide a security code. We'll show you where this happened, and you can let us know whether it was you (by clicking This was me) or not (by clicking This wasn't me).
If you approve the login attempt, you'll also have the option to remember the web browser or mobile device to log in more quickly in the future. You should only do this if that computer or mobile device belongs to you. If you don't recognize the web browser or mobile device, follow the directions provided to secure your account. After you get back into your account, you may want to review these security tips.
Note: If you have two-factor authentication turned on and you're asked to enter a code every time you log in from a saved device, you may need to change your browser settings.
Was this information helpful?
When you're using two-factor authentication or getting alerts about logins we don't recognize, we need to be able to remember your computer and web browser information so we can recognize it the next time you try logging in. This way we won't send you an alert or make you enter a security code every time you try logging in from the same computer.
Was this information helpful?
When you're using two-factor authentication or getting alerts about logins we don't recognize, we need to be able to remember your computer and web browser information so we can recognize it the next time you try logging in. Some web browser features block this. If you turned on private browsing or set up your browser to clear your history every time it closes, you might have to enter a security code every time you log in. Learn more.
If your web browser includes a private browsing or incognito mode, using it to access Facebook will usually cause this to happen after closing your browser window.
Was this information helpful?