Facebook will force users at risk of being hacked to enable two-factor authentication

The new rule will apply to members of its Protect program.

Charnchai via Getty Images

Facebook has taken steps to ensure that users most at risk of being hacked don't lose their accounts to bad actors. The social network has updated its Protect program that was designed to provide extra security features to human rights activists, politicians, journalists and other at-risk users. In a press call with reporters, Facebook announced that it'll start requiring users part of the program to switch on two-factor authentication.

The website will start implementing the new rule over the coming months all over the world — for members in the US, the requirement will take effect sometime in mid-to-late February. Facebook explained that it worked on making the enrollment and use of two-factor on its website "as frictionless as possible for these groups of people by providing better user experience and support." It admitted that it may take time for all users to be able to comply with the new rule, since not everyone actively uses its platform. But Facebook and its parent company seem to be pleased with what they'd seen in early testing.

Meta's head of security policy Nathaniel Gleicher said:

"So far, it's actually going very, very well we're seeing well above 90% of people successfully enabling ahead of that mandatory period."

Facebook first tested Protect back in 2018 and offered it to American politicians ahead of the 2020 US Elections. It expanded the program's scope and opened it up to more users after that— in my case, I was locked out of my account until I activated it. The website is now on track to make the program available in more than 50 countries by the end of year, including the US and India, where most of its users are based.

Gleicher said over 1.5 million users had enrolled in the program so far, and 950,000 of them switched on 2FA thanks to Protect. He also said that 2FA is an underutilized feature on the platform, with only 4 percent of the website's monthly users enabling it. Even so, there are no plans to require people outside of the Protect program to switch it on.