Facebook Protect

Facebook Protect is Facebook’s security program designed to protect high-risk users against malicious hackers. This includes people like human rights defenders, journalists, and government officials. For enrolled users, the program closely monitors their accounts for hacking attempts, sweeps them for vulnerabilities (like password strength), and enables two-factor authentication (2FA) by default.

Earlier this month, Meta (Facebook’s parent company) expanded Facebook Protect, making it a mandatory feature for users who have a high number of followers, or who are associated with influential Pages and Groups. The 2022 US midterm election and the threat of Russian cyberattacks are very much behind Meta’s attempt to boost security for high-profile users and curb the spread of disinformation. It’s not a bad idea, especially given the source, but the rollout has been an issue for users who do not know what it is and think they may be getting hacked.

Here’s what went wrong:

In early March, selected users received an email from Facebook telling them they had to enroll in Facebook Protect by March 17, 2022; after that, access to their account would be denied.

Mandating – rather than encouraging – Facebook Protect is one way to quickly bolster security across the app’s user base. However, notifying users only by email is not a good way to do it. To make matters worse, the email seemed to many users like a phishing scam (“Click this link by [date] or you will be locked out of your account.”). With zero notification regarding Facebook Protect on the actual platform, there was nothing to make users believe the email was legit.

Many users overlooked the email or deleted it as a conditioned response to a potential scam. Users turned to Twitter to complain about the misleading notification email and the inability to access their accounts.

Olivia Thiessen

To make matters worse, even users who did activate Facebook Protect have still been locked out of their accounts, and other users are facing technical difficulties getting codes sent to their phones to enable 2FA. 

What’s next? 

No one seems to know what’s next, including Meta, which did not respond to a request for comment and has only tweeted a link to a help page: “Why is my personal Facebook account disabled.” Users have found it to be not super helpful when facing technical glitches and a locked account. 

Does this concern me?

Facebook only makes Facebook Protect mandatory for users it perceives as high risk, and no action is required if you have not been prompted to enroll.

While there are currently no plans to mandate the feature on all accounts, Facebook does plan to launch expansions of the program on a roll-out basis to further high-risk groups. If you do happen to be selected, verify that the email is from security@facebook.com before clicking any links from atypical emails regarding Facebook Protect. 
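The sender check advised above, as an added Python example that is not from the original article or from Meta: a From line can be forged, so this check also requires a DMARC pass for the same domain recorded by your own receiving mail server. The authserv-id `mx.mailhost.example` and all sample messages are constructed assumptions; the sender address is the one given in the article.

```python
from email import message_from_string
from email.utils import parseaddr

EXPECTED_SENDER = "security@facebook.com"  # sender address given in the article
TRUSTED_AUTHSERV = "mx.mailhost.example"   # assumption: your own provider's authserv-id

def check_sender(raw_message):
    """Return (ok, reason) for a saved raw message (headers + body)."""
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        return False, "message must carry exactly one From header"
    # parseaddr separates the display name from the real address, so a
    # display name that merely contains the expected address does not match.
    _, addr = parseaddr(from_headers[0])
    if addr.lower() != EXPECTED_SENDER:
        return False, "From address is %r" % addr
    domain = EXPECTED_SENDER.split("@")[1]
    # The From header alone can be forged. Require a DMARC pass for the same
    # domain, recorded by our own receiving server (Authentication-Results).
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.split() for p in str(header).lower().split(";")]
        if parts[0][:1] != [TRUSTED_AUTHSERV]:
            continue  # header added by another host, possibly the sender
        for tokens in parts[1:]:
            if tokens[:1] == ["dmarc=pass"] and "header.from=" + domain in tokens:
                return True, "From address matches and DMARC passed"
    return False, "no trusted DMARC pass for " + domain

def make_sample(from_header, auth_results):
    """Build a constructed test message; none of these are real emails."""
    return ("Authentication-Results: %s\nFrom: %s\n"
            "Subject: Turn on Facebook Protect\n\nbody\n" % (auth_results, from_header))

PASS = "; dkim=pass header.d=facebook.com; dmarc=pass header.from=facebook.com"
SAMPLES = {
    "aligned": make_sample("Facebook <security@facebook.com>", TRUSTED_AUTHSERV + PASS),
    "display_name": make_sample('"security@facebook.com" <alerts@mail-notice.example>',
        TRUSTED_AUTHSERV + "; dmarc=pass header.from=mail-notice.example"),
    "forged": make_sample("Facebook <security@facebook.com>",
        TRUSTED_AUTHSERV + "; spf=fail; dmarc=fail header.from=facebook.com"),
    "injected": make_sample("Facebook <security@facebook.com>", "mx.sender.example" + PASS),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

Save the message in raw form (most mail clients offer "Show original" or "View source") and pass its text to `check_sender`; the authserv-id to trust is the one your own provider writes into `Authentication-Results`.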

In the meantime, you don’t need Facebook Protect to set up two-factor authentication – which is always a good idea on any online account you manage, and it may keep you from being bothered if Meta rolls the feature out to other users.

Here’s how to do it on your own:

  • Go to your “Security and Login” settings.
  • Scroll down to “Use two-factor authentication” and click “Edit”.
  • Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:

  1. Selecting your security key on a compatible device.
  2. Login codes from a third-party authentication app.
  3. Text message (SMS) codes from your mobile phone.