Facebook Retires Code Generator Element in User Security Update

Facebook is retiring its Code Generator element as part of its broader update to user security settings. The feature allowed users to log in on another device using a code from their phone to authenticate their secondary session. Facebook is now alerting those who still use the Code Generator that it will soon be going away and they should switch to another form of two-factor authentication instead. The update is unlikely to have a significant impact as only a small portion of users still use the feature. Facebook’s Head of Security Policy Nathan Gleicher says the Code Generator is vulnerable to attacks and the company is moving towards more robust authentication methods, such as using missed calls as a verification method. Users can also use free apps like Google Authenticator or security keys. While Twitter is moving away from SMS-based two-factor authentication to reduce telecommunications charges, Facebook is not getting rid of SMS 2FA, or making it a Meta Verified exclusive, at this stage.