Facebook Protect is a new security feature that Facebook is requiring users enable in order to continue using the platform. If you received a notice from Facebook telling you that you need to enable Facebook Protect, you may be wondering why this new requirement exists and what it means for your account security and privacy.
What is Facebook Protect?
Facebook Protect is a security feature that requires qualifying Facebook users to enable two-factor authentication on their accounts. Two-factor authentication adds an extra layer of security beyond just a password by requiring users to input a special code or confirm their login attempt on a secondary device when accessing Facebook from a new device or browser.
With Facebook Protect enabled, when you log into your Facebook account from a new device, you will be prompted to confirm your login attempt through one of the following methods:
- Entering a special security code sent to your mobile phone via text message or authentication app
- Receiving a login confirmation prompt on a mobile device where you’re already logged into the Facebook app
- Entering a backup security code you’ve previously set up
This extra step helps prevent unauthorized access to your account even if someone else knows or obtains your Facebook password.
Why is Facebook requiring users to enable Protect?
Facebook states that the reason for requiring select users to enable Facebook Protect is to “provide extra security for accounts that are more likely to be targeted by hackers.”
Essentially, Facebook has criteria and signals that help them identify accounts at higher risk of being compromised. Things like having a public profile, being active on Facebook, having a role in public discourse (like being a journalist or public figure), or posting about sensitive topics can make an account more of a target.
For these at-risk accounts, Facebook is proactively requiring users enable the extra layer of two-factor authentication to better protect them from unauthorized access and account hacking attempts.
Why is my account being forced to enable Facebook Protect?
If you received a notice from Facebook stating that you need to enable Facebook Protect, it means Facebook’s automated systems have flagged your account as meeting the criteria for being high risk or vulnerable to hacking attempts.
Some reasons your individual account may need to turn on Facebook Protect include:
- You’re an active user who frequently posts updates, photos, check-ins, or interactions
- You have a public-facing role such as a journalist, blogger, public figure, or organization
- You have a large friend network or follower base
- You post about controversial issues or are engaged in public discourse
- You have experienced suspicious activity on your account recently
- You have a weak or compromised password that puts your account at risk
Essentially, Facebook wants to proactively protect accounts that are more visible and may be bigger targets for hackers before they get compromised.
How does Facebook identify accounts to require Facebook Protect?
Facebook has not provided the exact details of how their systems identify and flag accounts requiring Facebook Protect. However, they have offered some insight into the types of signals and criteria used:
- Account activity: Frequency of posting, sharing, logging in, number of friends/followers
- Public visibility: Having a public-facing role, posting about sensitive topics
- Past security issues: Previous suspicious account activity or hacking attempts
- Account strength: Weak password, lack of secondary email or phone attached
- Advanced AI: Machine learning models that analyze billions of data points to predict account risk
Facebook has not provided the exact weighting or thresholds for these criteria. The propagation of misinformation is also a key area of focus for Facebook when selecting accounts for mandatory Facebook Protect enablement.
What happens if I don’t enable Facebook Protect?
If your account has been flagged by Facebook as requiring Facebook Protect, you will have a certain amount of time to enable it (usually a few days). If you do not enable Facebook Protect within the required timeframe, Facebook will lock you out of your account as a security measure.
Once your account is locked, you will not be able to access or use Facebook until you complete the steps to enable Facebook Protect. This includes:
- Logging into your Facebook account
- Posting updates, photos, videos
- Commenting or reacting to posts
- Managing Pages or Ads accounts
- Using Messenger
Essentially, your account will be completely disabled across all Facebook apps and services until you turn on the security feature. This is intentionally done by Facebook to enforce enablement of Facebook Protect for accounts deemed high risk or vulnerable.
Will my account be disabled permanently if I don’t enable Protect?
No, your account will not be permanently disabled if you do not enable Facebook Protect in the required timeframe. However, it will be locked out of service until you complete the steps to enable Protect.
Once your account is locked, you can still enable Facebook Protect through the Facebook mobile app. After completing the setup steps, your account access will be fully restored.
Facebook wants people to enable Protect for improved security – not keep accounts disabled forever. The account lockout is simply an enforcement mechanism to ensure at-risk accounts activate the extra protection.
How does enabling Facebook Protect improve my account security?
Enabling Facebook Protect improves your account security in a few key ways:
- Adds two-factor authentication – Requires entering a special login code or confirming devices when logging in from new locations
- Increases login friction – Makes it harder for hackers to access your account even if they have your password
- Better detects suspicious activity – Facebook can better track and analyze account access patterns
- Provides alerts for unrecognized logins – You will be notified of logins from unknown devices
Together, these layers of security make it much more difficult for hackers to access your account, even if they manage to obtain your Facebook login credentials through phishing or password reuse attacks.
How does two-factor authentication improve security?
Two-factor authentication works by requiring two different forms of identity verification when logging in from an unrecognized device:
- Something you know – Your account password
- Something you have – A unique security code from your phone or authentication app
Even if a hacker correctly guesses your Facebook password through a credential stuffing attack, brute force attack, or password dump, they will not be able to access your account from a new device without also having your physical phone in their possession to complete the second step of authentication.
This significantly raises the barrier for gaining unauthorized access to your account.
What are the methods to complete two-factor authentication?
With Facebook Protect enabled, you’ll complete two-factor authentication through one of these options when logging in from a new device or browser:
- Text message code – Get a 6-digit login code sent as a text message to your mobile phone
- Authentication app – Generate a unique login code from apps like Duo Mobile or Google Authenticator
- Device prompt – Approve the login attempt on a mobile device where you’re already logged into Facebook
- Backup codes – Enter a backup security code you’ve previously saved from your Facebook Security settings
You can choose your preferred two-factor authentication method in your Facebook account settings. Using an authentication app is considered more secure than text messaging.
What personal information is required to enable Facebook Protect?
To complete the setup steps for Facebook Protect, you will need to provide:
- A mobile phone number – For receiving login codes via text message (or phone prompt)
- An authentication app – Like Google Authenticator or Duo Mobile, if using that method
- Backup security codes – Optional; you can generate and save these as a backup option
Your phone number is required so Facebook can verify your identity and send you login codes when accessing your account from new devices.
You may also be asked to submit a government ID if Facebook cannot verify your identity based on the information previously associated with your account.
Does Facebook share my personal information entered for Protect?
According to Facebook’s data policy, they will not share the personal information you submit specifically for Facebook Protect (like phone numbers, government IDs, or backup codes) to any third parties or use it for other purposes besides identity verification.
However, Facebook may use aggregated non-identifying data about users who enable Facebook Protect for analysis purposes – for example, to understand adoption rates of the security feature.
Can I remove Facebook Protect after enabling it?
In most cases, once you enable Facebook Protect on an account, you cannot later disable or remove the two-factor authentication requirement. This permanent status is intentional to prevent the weakening of security on accounts deemed high risk by Facebook.
However, in some limited cases, you may be able to remove Facebook Protect if you can prove you are not eligible for the heightened security requirements:
- You uploaded a government ID showing you are under 18 years old
- Your account is not actually high risk but was incorrectly flagged
- You recently changed your account to no longer be public-facing
You can request the removal of mandatory Facebook Protect through the Help Center by contacting Facebook support. But removal is not guaranteed even if you meet one of the above criteria.
Can I switch the two-factor authentication method?
Yes, while you cannot fully disable Facebook Protect once enabled, you can change the two-factor login method you use:
- Text messages
- Authentication app
- Device prompt
- Backup codes
For example, you could switch from text messaging to using an authentication app for obtaining your login codes. You can change your method in your Facebook account’s Security Settings.
Are there any downsides to enabling Facebook Protect?
Facebook Protect does add some minor inconveniences by requiring an extra step when logging into new devices or browsers. Potential downsides include:
- Needing access to your mobile device when logging into Facebook from a new computer
- Not being able to log in if you lose your mobile device
- Entering codes being slower than just using a password
- Needing to set up authentication apps or manage backup codes
However, the vast majority of users find these frustrations worthwhile for the massive boost in account security provided by two-factor authentication. Having your Facebook account hacked would come with much greater inconveniences.
Does Facebook Protect impact account usage?
Aside from adding a second step when logging in from new devices, enabling Facebook Protect does not impact your normal use of Facebook services once logged in. You can still:
- Post updates, photos, videos
- Like and comment on posts
- Use Facebook messaging
- Manage Pages you administer
- View profiles andGroups
Facebook Protect simply adds friction at the point of login to keep unauthorized users out of your account. All normal account features function the same after accessing your account.
Should I consider upgrading to Facebook Verify in the future?
Facebook Verify is an even stronger security feature requiring you to record a video selfie to confirm your identity when logging into new devices. It has the following enhanced protections compared to Facebook Protect:
- Facial recognition login – Adds your faceprint biometric data for verification
- Harder to circumvent – More secure than SMS codes or authentication apps
- Better support – Direct access to Facebook team for issues
However, Facebook Verify is currently only available to accounts that face the highest risk of targeting, like public figures. For most standard users, Facebook Protect provides sufficient two-factor security.
If you feel you meet the eligibility criteria for Facebook Verify down the line based on increasing public visibility or security threats, you can request to upgrade your account through Facebook’s Help Center.
What criteria does Facebook use for Verify eligibility?
To be eligible for Facebook Verify, Facebook’s criteria indicates that your account must:
- Be at very high risk of hacking and unauthorized access
- Have a substantial public presence – such as a celebrity, politician, journalist
- Already have Facebook Protect enabled
- Show repeated high-severity threats and targeting
Only a small percentage of accounts currently meet the requirements for Facebook Verify access. For most users, Facebook Protect provides ample security through standard two-factor authentication.
Conclusion
Being required to enable Facebook Protect can be an adjustment, but provides a meaningful increase in account security against hacking and unauthorized access. While not perfect, the added friction of two-factor authentication does strongly improve your account protection compared to only using a password.
Facebook focuses on proactively enabling Protect for accounts at higher risk of compromise. So being asked to turn on the feature means Facebook’s automated systems flagged your account as needing extra security measures in place.
Overall, view Facebook Protect as a useful precaution to safeguard your account access and personal information. The minor inconveniences are well worth the security benefits and peace of mind gained.