Facebook, now a Meta subsidiary, said it would mandate two-factor authentication (2FA) for accounts that are more likely to be attacked by hackers and bad actors.

The initiative is a part of expanding Facebook Protect, the social media company’s security program that hopes to protect accounts of people frequently targeted by hackers, including human rights activists, journalists, and government officials. Mandating 2FA will strengthen and simplify the program’s security while monitoring potential hacking threats.

Facebook Protect debuted in 2018 and expanded ahead of the 2020 US elections to curb abuse and election manipulation from spreading on Facebook. The company claims that the program’s security measures are now enabled on over 1.5 million accounts, and over 950,000 of those have 2FA enabled. The program is expanding to 50 countries by the end of 2021, including the US, India, and Portugal, with more expansion on the cards for 2022.

Facebook clarified that if it identifies a high-risk account and the user doesn’t enable 2FA within the stipulated period, they won’t be able to access their accounts until they enable the feature.

Facebook noted that 2FA has been “historically underutilized across the internet.” The company’s head of security policy, Nathaniel Gleicher, told TechCrunch:

“2FA is such a core component of any user’s online defense, so we want to make this as easy as possible. To help drive wider enrollment of 2FA, we need to go beyond raising awareness or encouraging enrollment. This is a community of people that sit at very critical points in public debate and are highly targeted, so for their own protection, they probably should be enabling 2FA.”

Gleicher cited initial testing reports that showed 90 percent of high-risk users enrolled for 2FA once Facebook Protect mandated it. Meanwhile, the company’s data shows that a measly four percent of its entire user base has enabled the security feature. Despite that, Facebook is limiting the mandate to high-risk accounts for now. In 2018, Gizmodo found Facebook misusing phone numbers saved for 2FA to deliver targeted advertising. So, we aren’t sure if mandating it for everyone is a good idea anyway.

Have you enabled 2FA on your Facebook account yet? Would you encourage others to do it, even if Facebook doesn’t mandate it for everyone? We would love to hear from you in the comments section below.