Meta makes 2FA mandatory for high-risk users

A smartphone showing the Meta company logo in front of a large Facebook logo
(Image credit: Getty Images)

Meta will start forcing its most-targeted users to use two-factor authentication as part of an expansion to its Facebook Protect program.

The expansion will also see the company roll out the program in more countries, reaching over 50 by the end of the year, including India and Portugal.

The company launched its Protect program in 2018 to introduce more security controls, including monitoring for potential hacking threats. It expanded the initiative ahead of the 2020 US election.

The company had already announced that it was introducing 2FA in 2011. Of the 1.5 million accounts that registered with the Facebook Protect program, 950,000 use the 2FA option, it said.

"However, this important feature has been historically underutilized across the internet — even by people that are more likely to be targeted by malicious hackers, such as journalists, activists, political candidates and others," it added.

Requiring that these groups use the 2FA feature will help to protect highly targeted people, the company said.

Meta will prompt accounts deemed high-risk to enrol in the Protect initiative. People who believe they fit this description can also apply to be enrolled through their organizations.


Multi-factor authentication deployment guide

A complete guide to selecting and deploying your MFA authentication guide


The company will also work to simplify the process in the coming months, it added, making enrolment easier and improving customer support for the feature. It has already been testing these measures, and said that it improved adoption rates to over 90% among targeted groups.

In October, following testimony about its internal policies by whistleblower Frances Haugen, the company expanded its harassment policy to protect public figures. It banned content that degraded or sexualized public figures, reflecting existing policies that applied to private individuals.

It also added more protections for journalists and human rights activists, and banned coordinated harassment in which groups of people work together to target individual users.

Danny Bradbury

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing. 

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.