Facebook Two-Factor Authentication — Setup and Fixes
Two-factor authentication (Facebook calls it 'two-step authentication' too) is the single best protection against account hacking. It takes 5 minutes to set up and saves countless headaches later. This guide covers both setup AND what to do if a code isn't arriving.
Two-factor authentication on Facebook adds a second step beyond your password — usually a 6-digit code sent to your phone — so even if a hacker steals your password they can't get in. Turn it on at Settings → Password and security → Use two-factor authentication. Pick text message (easiest) or authenticator app (more secure). If you're getting locked out by a 2FA code that's not arriving, click 'Need another way to authenticate?' on the login screen to use a backup method or recovery code.
Step-by-step practice mode
Click through each step to practice. The screens look like the real Facebook app — but nothing here changes anything in your real account or device.
Step 1 — Go to Settings → Password and security
Click the down arrow at the top right, then Settings & Privacy, then Settings
Privacy Settings
Click 'Password and security'
Step-by-step instructions
- 1
Log in to Facebook on a computer or phone
Go to facebook.com and log in. Two-factor setup is the same on computer and phone, but the computer is usually easier because you can save the recovery codes more easily.
- 2
Open Settings & Privacy → Settings
On a computer: click the small down arrow in the very top-right corner. A menu drops down. Click 'Settings & Privacy', then 'Settings'. On a phone: tap the three horizontal lines (menu) at the bottom-right, scroll down, tap 'Settings & Privacy', then 'Settings'.
- 3
Click 'Password and security'
On the Settings page, look at the menu on the left (computer) or the list (phone). Click 'Password and security'. This is sometimes called 'Security and login'.
- 4
Click 'Use two-factor authentication'
Scroll down to 'Two-factor authentication' and click 'Use two-factor authentication'. Facebook may ask you to type your password again to confirm — type it.
- 5
Pick text message (easiest) or authenticator app (most secure)
Text message: Facebook sends a 6-digit code to your phone every time you log in from a new device. Easy and reliable. Authenticator app: install Google Authenticator or Microsoft Authenticator on your phone — more secure because phone-number theft can bypass text. Pick whichever feels comfortable.
⚠ Important: If your phone number changes (new carrier, new number), update Facebook BEFORE getting rid of the old number — otherwise you'll be locked out the next time 2FA triggers. - 6
Confirm your phone number
Facebook sends a 6-digit code to confirm your phone is correct. Open your text messages, find the code from Facebook, and type it in. Click Continue.
- 7
Save your recovery codes — this step is critical
Facebook gives you 10 recovery codes. Each is a one-time use code that lets you in if you lose your phone. Print the page, write them on paper, or save in a password manager. Keep the paper in a safe place at home.
⚠ Important: If you lose your phone AND don't have recovery codes, you may permanently lose access. The codes are the only safety net. - 8
Test by logging out and back in
Sign out of Facebook completely. Log back in. Facebook should now ask for a 6-digit code in addition to the password. Confirm it works as expected, then you're set.
What if it's not working?
Problem: I'm not getting the 6-digit text code when logging in
Likely cause: Wrong phone number on file, weak signal, carrier blocking, or you're entering an old code.
How to fix: Click 'Send new code' for a fresh one. If still nothing in 5 minutes, check the partial phone number Facebook shows — make sure it matches your current phone. If it's an old number, click 'Need another way to authenticate?' and use a recovery code instead.
Problem: I changed phones and the authenticator app is on the old phone
Likely cause: Authenticator app codes are tied to the device — switching phones doesn't transfer them automatically.
How to fix: If you saved recovery codes when you set up 2FA, use one of those to log in. Once in, go to Settings → Password and security → Two-factor authentication and re-set up the authenticator on your new phone.
Problem: I lost my phone and never wrote down recovery codes
Likely cause: Phone is the only place codes can arrive, and there's no backup.
How to fix: Try logging in from a 'trusted' device — a computer or tablet you've used before. Facebook sometimes lets trusted devices skip 2FA. If that fails, use facebook.com/login/identify and request ID-upload recovery — see our 'Recover My Facebook Account' guide.
Problem: Facebook keeps asking for a code even on devices I've used before
Likely cause: Browser cookies cleared, you're using Incognito mode, or you didn't check 'Save this device' last time.
How to fix: Next time you log in successfully, check 'Save this device' (or 'Don't ask for a code again on this device'). Don't use Incognito mode for daily Facebook use — it deletes the trusted-device flag every session.
Frequently asked questions
Is two-factor authentication really worth the extra step every time?
Yes, for most accounts. Once set up, 2FA only triggers on NEW devices — your usual computer and phone won't ask for a code every time, only when you log in somewhere new. The extra 30 seconds occasionally is worth it: 2FA stops 99% of password-theft attacks. It's the most important security step you can take.
Should seniors use text message 2FA or an authenticator app?
For most seniors, text message is fine and easier to understand. Authenticator apps (Google Authenticator, Microsoft Authenticator) are technically more secure because phone numbers can be stolen via 'SIM swap' attacks — but those are rare. Pick whichever you'll actually keep set up. The worst 2FA is the one you turn off because it's confusing.
What's a recovery code and where do I find it?
Recovery codes are 10 one-time backup codes Facebook gives you when setting up 2FA. Each one logs you in once if you lose your phone. Find them at Settings → Password and security → Two-factor authentication → Recovery codes. Print or write down — keep paper at home in a safe spot.
Will 2FA prevent ALL hacking?
It prevents about 99% of password-theft hacks because the hacker would also need your phone or recovery codes. The remaining 1% is sophisticated 'phishing' that tricks you into typing the code into a fake site, or 'SIM swap' that steals your phone number. To prevent those: never type a 2FA code into a page you didn't navigate to yourself, and call your phone carrier to set a SIM PIN.
Does 2FA cost money?
No — 2FA on Facebook is completely free. Standard text message rates may apply if your phone plan charges per text (rare in 2026), but the codes themselves are free from Facebook. Authenticator apps are free downloads.
Can I turn off 2FA later if I don't like it?
Yes — Settings → Password and security → Two-factor authentication → Turn off. We don't recommend this; once on, the inconvenience is minimal and the security gain is huge. If you're frustrated by 2FA prompts, the cause is usually browser cookies — fixing that is better than turning off 2FA.
What if I share my Facebook with my spouse?
Both spouses should be reachable on the phone number used for 2FA, or both should have access to the recovery codes. Don't share Facebook accounts ideally — two free accounts is safer. If you must share, use a phone number you both can answer, and keep recovery codes in a place you both know.
What's the difference between 2FA and a password?
Password = something you KNOW. 2FA = something you HAVE (your phone). Together they form 'two factors'. A hacker who steals your password (knowledge) still can't log in without your phone (possession). That's why 2FA stops most attacks even when passwords are leaked online.
Related guides
Still stuck? Call a real person.
We answer in under 15 minutes. We never ask for your password. Help is free for under-15-minute calls.
📞 347-953-1531