As part of a broader update to its user security settings, Meta is retiring its Facebook Code Generator element, which enables users to log in on another device by using a code from, say, their phone to authenticate their secondary session.
As you can see in this notification, shared by social media expert Matt Navarra, Facebook is now alerting people who still use Code Generator that it will soon be going away, and that they should switch to another form of two-factor authentication instead.
Which most people already have. Code Generator is only functional when you’re already logged in on another device, so it’s not always available, and according to Meta’s Head of Security Policy Nathan Gleicher, it’s also vulnerable to attacks.
“Our in-app code generator was created before push notifications became widely adopted in our industry as a way to authenticate user sessions. We’re sunsetting the older approach to move the small portion of people who may still use it to more robust ones. It helps avoid redundancies (which can introduce their own security risks), so we're following best practices to consolidate.”
Given that only a ‘small portion’ of people still use it, the update likely won’t have a big impact – but if you sometimes find yourself referred to Facebook to validate your log in in another app or website, you may need to update your settings.
This comes as Twitter moves away from SMS-based two-factor authentication, in order to reduce telecommunications charges, while Meta itself is also developing a new system to limit costs, by using missed calls as a verification method instead.
Maybe that’s the direction that Meta will be guiding users towards at some stage, while you can also use free apps like Google Authenticator, or security keys.
Also, Meta’s not getting rid of SMS 2FA, or making it a Meta Verified exclusive. Well, not at this stage anyway.
But if you use Code Generator, time to update.