Facebook Now Supports Passkeys, and You Should Probably Use Them

If you’ve been using Facebook long enough, you probably know people whose accounts have been “hacked.” Maybe it’s happened to you, too — one minute you’re minding your own business, and the next, your friends and family are sending you messages asking, “Why did you send me this?” and “Have you been hacked?”

You see, your Facebook wasn’t “hacked,” but rather “accessed.” Someone got your password, either by guessing it, tricking you into submitting it, or through a data breach, and logged in as you. If you had two-factor authentication (2FA) set up, the likelihood of this happening would be much lower, but not impossible. That’s where passkeys come in.

Facebook and passkeys

Good news: Facebook now supports passkeys. Meta announced the news in a blog post Wednesday, saying the authentication method will launch on iOS and Android devices “soon,” with Messenger getting the feature “in the coming months.” For what it’s worth, I can see the ability to create passkeys now in the Facebook iOS app.

Meta seems pretty excited about this news — and not just because the company is a member of the FIDO Alliance, the organization that created passkeys. Meta says that in addition to logging into your Facebook account, you’ll be able to use passkeys to automatically fill in payment information when you buy things with Meta Pay. You’ll also be able to use the same passkey for Facebook and Messenger, and your passkey will act as a key to lock your encrypted Messenger chats.

Meta is usually at the bottom of my list when it comes to companies that care about user privacy and security. But accepting passkeys is a good thing for Facebook accounts everywhere. In fact, when you have the option, you should probably set it up.

Why use a passkey?

Passkeys combine the convenience of a password with the security of 2FA. Unlike passwords, you don’t have to choose a sequence of words, symbols, or numbers to enter each time you want to log into your account. Instead, you set up a passkey on the device itself, like your smartphone. When you need to authenticate, you do so on your device using a face scan, fingerprint scan, or PIN. Your device then confirms your identity with the service that holds your account, which then lets you log in.

Because there is no password or passphrase, passkeys are effectively protected from phishing: hackers won’t be able to trick you into sharing your passkey with them because there’s nothing to share, and you won’t have to worry about Meta losing your passkey in a data breach. 2FA can also prevent attackers from hacking your account if they know your password, but even 2FA is susceptible to phishing. Since most 2FA uses a numeric code, hackers can convince you to send them a code. However, without the device tied to a passkey, hackers won’t have much luck.

Once set up correctly, signing into your accounts will be as easy as scanning your face or quickly entering your PIN on your phone—easy but secure.
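The phishing resistance described above comes from what the device signs. The following is an added example, not code from the article or from Meta: a simplified model of a WebAuthn sign-in check in Node.js, in which the origins, function names and result strings are constructed for illustration (real WebAuthn additionally signs authenticator data such as a hash of the site's ID and a counter).

```javascript
const crypto = require("node:crypto");

const RP_ORIGIN = "https://login.example";         // constructed relying-party origin
const PHISH_ORIGIN = "https://login-example.test"; // constructed look-alike origin

// Registration: the private key stays on the device; the server stores only the public key.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, server: { publicKey } };
}

// Device side: the browser, not the user, fills in the origin of the page that asked.
function signAssertion(device, challenge, pageOrigin) {
  const clientData = JSON.stringify({ type: "webauthn.get", challenge, origin: pageOrigin });
  const signature = crypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server side: the challenge must be the one just issued, the origin must be ours,
// and the signature must cover exactly the bytes that were received.
function verifyAssertion(server, expectedChallenge, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.type !== "webauthn.get") return "bad-type";
  if (data.challenge !== expectedChallenge) return "stale-challenge";
  if (data.origin !== RP_ORIGIN) return "wrong-origin";
  const valid = crypto.verify("sha256", Buffer.from(assertion.clientData),
                              server.publicKey, assertion.signature);
  return valid ? "ok" : "bad-signature";
}

function demo() {
  const { device, server } = register();
  const challenge = crypto.randomBytes(32).toString("hex");
  const genuine = signAssertion(device, challenge, RP_ORIGIN);
  // Same challenge relayed through a look-alike page: the signed origin gives it away.
  const relayed = signAssertion(device, challenge, PHISH_ORIGIN);
  // Rewriting the origin after signing changes the signed bytes.
  const edited = { ...relayed, clientData: relayed.clientData.replace(PHISH_ORIGIN, RP_ORIGIN) };
  const nextChallenge = crypto.randomBytes(32).toString("hex");
  return {
    genuine: verifyAssertion(server, challenge, genuine),
    relayed: verifyAssertion(server, challenge, relayed),
    edited: verifyAssertion(server, challenge, edited),
    replayed: verifyAssertion(server, nextChallenge, genuine),
  };
}

console.log(demo());
```

Unlike a numeric 2FA code, nothing produced on the look-alike page is accepted by the real site, and a captured response cannot be reused once the server has issued a new challenge.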

Meta (and in this case, Facebook specifically) is far from the only platform to offer passkeys. Companies like Apple, Google, Microsoft, and even X have been implementing this security measure for the past few years. In fact, Microsoft now makes passkeys the default authentication option when setting up a new account.

How to Set Up a Passkey for Facebook

Once passkey support is rolled out to your Facebook app, you’ll find your settings in the Accounts Center. You can open it from the Menu tab by clicking the down arrow next to your name and selecting “Go to Accounts Center.”

In Accounts Center, select Password & Security, then tap Passkey. From here, tap Create Passkey. Tap Create Passkey in the pop-up window, then enter your current Facebook password. Your device will prompt you to confirm the creation of the passkey (for example, on an iPhone, you can use Face ID to complete the passkey setup).

That said, creating a passkey won’t delete your Facebook password. It’s still there, because Meta uses it to sign in to Facebook on other devices. (Some companies have alternative methods that ensure you can sign in without needing the original device that created the passkey.) So make sure your Facebook password is strong and unique (don’t use the same password for Facebook as your other accounts), and set up 2FA for the times you do sign in with a password. (Avoid SMS-based 2FA if you can.)
