Matt McCormick

Use Facebook's 2-factor Authentication with Third-Party TOTP Generators

If you don’t know what 2-Factor Authentication is, you can read up about it here. Essentially it is a service that makes it nearly impossible for any of your online accounts to be hacked, by requiring two forms of authentication: something you know (a password) and something you have (a mobile phone). Google provides a great, open application for iPhone and Android that generates one time use codes that you enter into a website when you login. Many online services offer this such as Google, Facebook, Blizzard games, banking websites, etc.

Facebook offers 2-Factor Authentication (in the form of “Login Approvals”), but it’s somewhat difficult to setup third-party code generator applications with their service. They would prefer that you use text messaging or their Facebook mobile app to get your codes, but it is possible to use Google Authenticator or another application. Here’s a step-by-step guide on how to use a third-party app:

  1. Login to Facebook.
  2. Navigate to Account Settings, then Security.
  3. Look for Login Approvals, and click Edit.
  4. If you haven’t already, enable the Login Approvals feature.
  5. Click the Set up Code Generator link.
  6. When the modal dialog appears, click Next.
  7. Click the Having trouble? link.
  8. On the following page, click the Get Key button.
  9. You can then enter this key into any Time-based One Time use Password (TOTP) generator like Google Authenticator for iPhone and Android or my Authenticator app for Windows Phone.
  10. After entering this key into the TOTP generator of your choice, click Continue.
  11. Enter your current one-time use code generated by your phone and click Continue to save these settings.
  12. You can now use your phone to generate your login approval code without having to wait for a text message.

You can download the Google Authenticator app for iPhone and Android online. If you’re a Windows Phone user, you can download my Authenticator app and add your Facebook account using the steps above.

Contribute to this post

Want to suggest changes to this content? You can edit and submit changes to this post using GitHub.

My name is Matt McCormick and I'm a Program Manager at Microsoft and a Computer Science graduate from Purdue University. I live in Seattle with my wife and our dog and I'm always hacking away on something.