Facebook finally stops screwing around with two-factor authentication

Take a deep breath. Facebook just did something good.

The company announced in a May 23 blog post that it would no longer require a phone number to set up two-factor authentication, and would instead allow for the use of an authenticator app. Such apps, like Google Authenticator, are widely acknowledged to be an improvement over SMS-based 2FA.

For those unfamiliar, two-factor authentication provides a second layer of security to online accounts. In addition to the standard password, you need a second factor — usually a number texted to your cellphone or generated by an authenticator app —to login. For those who worry about phishing attempts or any kind of hacking (which should be everyone on the internet), setting up 2FA is a must.

"We previously required a phone number in order to set up two-factor authentication, to help prevent account lock-outs," reads the Facebook blog post. "Now that we have redesigned the feature to make the process easier to use third-party authentication apps like Google Authenticator and Duo Security on both desktop and mobile, we are no longer making the phone number mandatory."

Original image has been replaced. Credit: Mashable

To enable this feature, go to the appropriate Facebook page and select “Security and Login.”

Notably, Facebook recently made a different kind of 2FA and phone number news. Back in February it was revealed that the company was spamming Facebook users on the cellphone numbers they had provided for two-factor authentication. Not a good look.

This Tweet is currently unavailable. It might be loading or has been removed.

"It was not our intention to send non-security-related SMS notifications to these phone numbers, and I am sorry for any inconvenience these messages might have caused," wrote Facebook Chief Security Officer Alex Stamos following a public backlash.

Today's news is a small step toward correcting for that screw up. And, honestly, it's just good security.

So go ahead and set up the authenticator app, and then remove your phone number from Facebook. Or, heck, delete your account altogether. That works, too.