How to set up Two-factor Authentication for a business page on Facebook and Instagram (2FA)
27 October 2023
cyber security account hacking of Facebook and Instagram small business accounts is minimised by enabling two-factor authentication

Security of your data and your page is a big deal to Facebook and Instagram (Meta) and it should be to you, too!
As a small business owner, using the platform(s) to market your business and access the audience you’ve been carefully curating and building relationships with… well, you wouldn’t want to lose access to those accounts… to see them hacked, see your content and photos being stolen, and to top it off… you become ‘locked out’ and denied access, having to start from scratch with a new account 😱

When an account is hacked, even having a complex password will NOT be enough to protect that account.

Sometimes ‘hacks’ happen by accident too – say, your password has been guessed or phished (revealed inadvertently, in a dupe) or you left your account logged in on another device which someone else could access.

Hacks are all-too-prevalent, though. It’s a sad truth.

Facebook and Instagram do offer a maximum level of security to protect your account, BUT it isn’t standard or default. As users of the platforms we have to specifically enable that additional protection, which is known as Two-factor Authentication (sometimes called 2FA).
2FA won’t offer total protection against hacks or compromised access, but the additional verification required will definitely put a much more secure barrier in place.

A more familiar type of Two-factor Authentication is used by banks and ecommerce sites, as standard, as they verify the CVC 3-digit code on the back of your bank/ credit card, as well as the account number/ card number.

How does Two-factor Authentication protect my social media account?

If Facebook and/or Instagram see that your account is being logged into on a device that is not recognised ie not one you usually use, it will flag this activity to you via a secondary route. It’s checking that the login is legit and wants to authenticate the activity is by you. (It might be; say if you’re using a library computer or at a friend’s house.)

It might also do this 2nd layer checking, to authenticate that ‘you’ are really ‘you’ when you try to update the security info of your account (even on a usual, recognised device). Eg, if you try to change your login info/ password to access your account or any connected accounts.
Often this verification is via an authenticated email link (password reset), but the 2FA authenticator code can be requested, if you can’t access that email.

One thing to note…
Each account is treated separately, even if you have connected the access to all of them. So it’s important to engage Two-factor Authentication for each account in turn.
Turning on 2FA for one doesn’t automatically turn it on for all of them!

Here’s how to make sure you enable Two-factor Authentication for each Facebook and Instagram account… follow this simple breakdown of steps.
The first 4 steps will look a bit different (visually) if you’re following the process on Facebook vs Instagram, however the steps and links to tap are labelled with the same words. I’ll describe the process for both, then you can follow steps 5 onwards the same for either platform.

Enabling 2FA on Facebook

These same steps apply for the mobile app and desktop version…
Start by logging in as your personal profile. If you’re logged in as your business page, it’s ok, go through the same steps 1-3 and it will direct you to switch profiles back to your personal profile, in order to manage the account settings. Hit ‘Switch’ and from here, it’ll take you to step 4.

1. Tap the profile icon to view the access menu for that account
2. Scroll down to tap ‘Settings & Privacy’

Screenshot when viewed on desktop, of the Facebook feed of a business page, and the right-hand dropdown menu for the settings of that account.
This is what Step 2 looks like on a desktop, via Facebook

3. Tap ‘Settings’
4. You’ll see box for ‘Accounts Centre’ top (it’s viewed on the top left on a desktop)…
It shows all accounts you have access including ones you have been granted admin access to/ permission to log into, as well as ones you have setup and have ownership. It also shows the connected Instagram accounts, as well as Facebook ones.

Those 4 steps, again, this time if…

Enabling 2FA on Instagram

Specifically, follow these steps via the Instagram app; it’s not possible to set up 2FA for Instagram via desktop:

Start by opening the app, and check you’re logged in as your business page (the icon in the bottom right will display as the one for your professional account)…
1. Tap your profile icon bottom right corner to go to your home page
2. Use the hamburger menu icon (3 horizontal lines) in the top right, to access your page management menu
3. At top of list, tap ’Settings and privacy’
4. At the top, you’ll see the ‘Accounts Centre’ box… tap this. It’ll access your Meta accounts centre.

Two screenshots when viewed on mobile, of the Meta Accounts Centre settings view for Facebook and Instagram accounts.
Meta Accounts Centre, via on mobile via Facebook (left) and via Instagram (right)

Continuing whether you’re using either Facebook or Instagram,
The Accounts Centre looks the same… so, in the Accounts Centre box:
5. Tap ‘Password and security’. From the IG app, this is around half-way down under ‘Account settings’

Screenshot when viewed on desktop, of the Facebook settings and Meta Account Centre menu, in order to enable two-factor authentication
On Facebook, via desktop, click the ‘Password & security’ option (Step 5)

6. Tap ‘Two-factor Authentication’ to check or enable the 2FA additional security level.
7. You’ll see the username and name log in for each of the profiles and pages you have on Meta (ie for Facebook and for Instagram).
So tap one corresponding to one of your accounts. (I suggest enabling Two-factor Authentication for ALL of them.)

Two screenshots when viewed on mobile, of the Meta Accounts Centre, showing how to enable two-factor authentication for that account.
On mobile, enable the settings for two-factor authentication (Steps 6 & 7)

If you don’t already have 2FA enabled, the page will say ‘Add extra security to your account’ and let you choose the authentication method(s). You’re able to control how you want Facebook and Instagram to check and authenticate your identity, if suspect activity is detected.

This happens by checking verification either through an external authenticator app (which you install on your phone). I use Google Authenticator (here’s the link via Google PlayStore and via the AppStore for iOS); Meta also suggests Duo Mobile as another trusted 3rd-party app.
Or another verification option is for Meta to send a 6-digit code to you by text or WhatsApp.

I definitely recommend the use of an authenticator app, as this is a highly secure method to protect your account. Text messages are less secure.
In the 2FA page for that account, you can even set a backup option for the authentication.
You can update your 2FA preference(s) at any time, too, as well as updating the phone number you want codes to be sent to.

If you do already have 2FA enabled, the page will say so, and allows you to check and/or adjust the authentication method(s) if needed.

I strongly recommend that you make sure to have Two-factor Authentication enabled for your small business page, and that you repeat the same process for all your other profiles, including your personal profile on Facebook.
That’s because your personal profile is the one that a Facebook business page is attached to.

So even if you feel your personal profile is secure enough – say, there’s nothing there you don’t use Facebook for personal stuff/ nothing to hack into or steal there – your business page would be accessible through it, so definitely enable 2FA security level for this account profile.
The additional time needed on those occasions when verifying your access via 2FA? To protect against hacks and cybercrime? It will be time well spent, in my opinion.

Stay safe online and see you next time, Ruth

Of course, let’s all remember that strong passwords are vital as the first line of defence too – weak passwords are always more easily compromised, even before reaching any 2nd authentication stage.
Using strong passwords and regularly updating them is important.


Submit a Comment

Your email address will not be published. Required fields are marked *

Other articles you may find useful…

What are banned hashtags on Instagram?

What are banned hashtags on Instagram?

*Updated for Feb 2024* Hashtags play a valuable role when implementing the social media marketing strategy for your small business, especially on a platform such as Instagram. As a marketing expert, I emphasise their significance in enhancing the visibility if you are...