Meta to mandate two-factor authentication for high-profile users

The new security requirement will be gradually phased in.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
Facebook Connect / Meta event October 2021

Meta CEO Mark Zuckerberg wants to tighten security.

Screenshot by CNET

Facebook-owner Meta said Thursday that it will begin requiring its highest-profile and highest-risk users to protect their accounts with two-factor authentication.

The new security requirement will apply to users of Facebook Protect, a feature offered to human rights activists, journalists, government officials and other high-profile users deemed likely to be targeted by cybercriminals. The feature also monitors accounts for hacking threats.

"I'm not suggesting that two-factor is a silver bullet," Nathaniel Gleicher, Meta's had of security policy, said on a call with reporters. "It's just one tool, but it's a very effective tool."

Two-factor authentication is a security step universally recommended by experts. It adds an extra layer of protection to a user's account by requiring a second form of authentication, such as a smartphone push notification, biometric indicator or physical security key, in addition to an account password. That way even if a user's password is compromised, the account remains protected.

Meta will focus on making two-factor authentication as easy to use as possible, Gleicher said. It will roll out the requirement first in places where it's best able to provide support, as well as ahead of critical events like elections. 

The company, which was formerly known as  Facebook , started testing Facebook Protect in 2018 and expanded its rollout ahead of the 2020 election. The new requirement, which comes ahead of the 2022 US midterm elections, is part of a global expansion of the service that started in September.

About 1.5 million accounts have enabled Facebook Protect, with 950,000 of them newly enabling two-factor authentication. Meta plans to roll out the program to more than 50 countries by the end of this year.