In an effort to keep certain at-risk accounts even more secure, Facebook is updating its Protect program and will soon force enrolled users to enable two-factor authentication (2FA). These accounts include politicians, human rights activists, journalists, and other high-profile users.
Facebook will begin implementing and requiring the rule worldwide over the next few months. At-risk accounts—those which the company describes as “more likely to be targeted by malicious hackers”—belonging to U.S. users will start using two-factor authentication beginning in mid-to-late February 2022.
The company is recommending the use of third-party authentication apps, and says it is working to “make enrollment and use of 2FA as frictionless as possible for these groups of people by providing better user experience and support.” Facebook acknowledged that it knows it’ll take time to get all users to comply, especially with many users who don’t often access their accounts on the platform; the company is pleased with the compliance numbers it has seen thus far in early testing, however.
Facebook’s Protect program was initially tested with American politicians in 2018 ahead of the then-upcoming 2020 Elections. Slowly, the company is expanding the program to other at-risk users—like journalists, activists, and the like—and will eventually be available to users in over 50 countries, including India.
Nathaniel Gleicher, Meta’s head of security policy, shared that more than 1.5 million of these accounts have already enrolled in the Protect program, and that 950,000 of them have already switched on 2FA. He also noted that, even beyond Protect accounts, that extra layer of security is sparsely used; currently only about 4% of monthly users have it enabled for their accounts. At the moment, Facebook does not have any plans to require users not enrolled in Protect to add 2FA to their accounts. We recommend adding 2FA via a security key.