Despite Benefits, Experts Believe Facebook Won’t Require 2FA for Everyone

Is the incentive even there?

Key Takeaways

  • Experts say Facebook requiring 2FA for all users would be a huge benefit to everyone’s security, but there’s little chance of it happening any time soon.
  • It’s believed that the necessary structuring to support 2FA across all Facebook accounts is likely already in place.
  • Mandatory 2FA for all provides no direct benefit to Facebook itself, according to experts, but would risk driving away some users due to the inconvenience.
hand entering password for the validation process, one time password

KTStock / Getty Images

Experts say Facebook's two-factor authentication (2FA) requirement for Facebook Protect accounts is a sensible security measure, but it won't likely do the same for all users.

At times, Facebook will extend an invitation to high-profile accounts—such as celebrities, activists, and journalists—to join its Facebook Protect program. This provides the chosen accounts with extra security measures and security monitoring to better protect them from hacking. It's even going so far as to make 2FA a requirement for all Facebook Protect accounts, and while it's not perfect, it does offer far more protection.

So, if Facebook is beginning to make 2FA mandatory for high-profile accounts, is there a chance it will do the same for everyone else? Well, probably not, according to experts.

"When it comes to 2FA, most privacy and security enthusiasts will love it if Facebook makes it compulsory for everyone," said Peter Baltazar, Head Technical Content Writer at, in an email to Lifewire. "It would ensure that their account stays protected and does not land in the wrong hands. However, the number of such users is pretty small."

It’s Possible

Making 2FA mandatory for hundreds, if not thousands, of high-profile accounts is one thing, but almost three billion? That’s several orders of magnitude more users and could require an extreme amount of work to make functional. But the thing is, experts believe it wouldn’t actually be that difficult for Facebook to implement since 2FA is already supported. All it would need to do is make it necessary for new and existing accounts and (ideally) make the process as easy as possible for tech-averse users to complete.

woman working from home, writing in her notebook, while in a video chat on her laptop

Ivan Pantic / Getty Images

"Although 2FA is currently optional, we can safely assume that Facebook is technically ready to handle the enormous 2FA requests and make it mandatory for everyone," said Baltazar. "Facebook already provides a way to set up the two-factor authentication to everyone's account, irrespective of whether it is a standard account or Facebook Protect members account."

The issue, then, is the average user, poses Baltazar. People who likely aren't as concerned with having their account hacked may not have the patience to set up or use 2FA. Someone who pops online for a few minutes to reply to a relative's photo or post updates on their cat probably isn't much of a target, either. And even if their account did get hacked, there's little chance it would have the same potential for damage as, say, a government official.

"Typical Facebook users visit social media for fun activities like watching videos, memes, posting holiday photos, and more," Baltazar said. "They don't care much about privacy, and therefore 2FA can be annoying for such users."

But Not Very Likely

That convenience, or lack of it, is why experts believe Facebook won't extend 2FA requirements to all users any time soon. 2FA for everyone is probably very doable, but the risks of irritating and possibly alienating a portion of its user base are too high.

As stated by Baltazar, "Since the hacking news is only highlighted when an account of a famous personality gets compromised, Facebook was obliged to make 2FA mandatory for them. On the other hand, if a standard user's account gets hacked, it won't be in the news, so Facebook as a company is not affected much by that. But if it made 2FA mandatory for everyone, some users might not like it as it might take a little more time to sign in to their account."

person gesturing at laptop in bed

Dmitry Ageev / Getty Images

By keeping things as they are for the average user, Facebook risks nothing (generally speaking). However, it's likely that mandatory 2FA would drive a not-insignificant number of users away due to the perceived inconvenience of its set-up and use.

There are other ways Facebook could improve security that would be a little less aggravating than 2FA, at least for users who are disinterested in security. One suggestion from Baltazar is a compulsory password change every six months, with no allowance for repeated passwords. Several options could be implemented for smartphone-only users.

"WhatsApp and Messenger, the Facebook-owned instant messaging applications, use the phone's fingerprint scanner to unlock. This can be implemented for the Facebook application, too," Baltazar pointed out. "Facebook can also include facial recognition for more security, as most smartphones support it."

Was this page helpful?