होम
होम

Security and Governance

Understand how your organization can control and protect your accounts.

Overview

Overview

A core part of the Workplace mission is to provide a secure community for everyone who uses Workplace. Maintaining the security of account information on Workplace is at the very heart of what we do.

Account credentials at risk

Account Credentials at Risk

Workplace will show the admins of a community if an account is suspected of being a security risk. An account will be marked “At Risk” if the password has been used for a non-Facebook/Workplace service that has suffered a data breach.

If a Workplace account is at risk, an attacker may be able to access the Workplace community. Therefore, we recommend admins force the affected users to reset their passwords or disable their accounts.

How do I identify which user accounts are at risk?

If you have received a prompt that says a security risk has been detected, or the dashboard in your Security tab shows at risk accounts, this means that we suspect that the Workplace passwords of some of the user accounts in your community may be at risk. Given that there's a small risk that an attacker could use that information to access your Workplace community, we recommend that you disable these users or force them to reset their passwords.

To see which accounts may be at risk:

1
Go to the Admin Panel.

2
Click Security.

3
Go to the Dashboard tab to view a summary of Accounts at Risk.

4
Click on View to see which users are affected.

Accounts that are at risk will be highlighted in red and labeled Account at Risk in the People panel. To disable the user or force them to reset their password, click next to the account that's at risk and select Deactivate User or Force Password Reset.

Two-factor Authentication (2FA)

Two-Factor Authentication (2FA)

Two-Factor Authentication, also known as 2FA, is an extra security check that requires a user to enter an additional identifier that only they have access to. Usually this is requested once the user has entered their username and password.

As a user who has 2FA activated in Workplace, you are asked for this additional identifier each time you try to log in to your Workplace account or app from a new device. Once you've entered this identifier, you have the option to save the device to your account so that you don't have to repeat the process each tiem you log in from the same device.

There are two setup options. Both require the Workplace authentication method to be set to password:

  • Admins can set up 2FA for all or a selected group of users.
  • Users can enable 2FA on their own accounts.

In both cases, the user selects which method of 2FA they want to use: QR code or SMS.

?
For users who have their authentication set to Single Sign-On (SSO), companies have to configure 2FA at SSO level. Workplace can't be used as a stand-alone 2FA provider.
Turn on 2FA as an Admin

Turn on 2FA as an Admin

To turn on 2FA for all or selected users:

1
In the Admin Panel, select Security, click on the More drop-down box, and then select Two-factor.

2
Move the Require two-factor authentication slider to the on position.

3
At the Decide who is required drop-down, select the user group that is required to use 2FA. Remember that the authentication type for all selected users must be set to Password.

4
Set a date for the start of 2FA for this user group.

5
Click Save changes.

Your colleagues will see a notice in their feeds inviting them to set up 2FA. They can follow the instructions in Set up 2FA as a User.

If a user has not set up 2FA by the start date, they’ll see the following lock screen asking them to enable 2FA:

Turn on 2FA as an User

Turn on 2FA as an User

To turn on 2FA either in response to a request or for your own use:

1
Log in to Workplace.

2
Click on your profile picture at the bottom left of the screen, and select Settings.

3
Click Security and Login.

4
Scroll down and click Edit in the Use two-factor authentication row. You are asked to Choose a Security Method (you may also be asked to reenter your password).

5
Select either Use Authentication App or Use Text Message (SMS).
  • If you select Authentication App (eg Duo or Google Authenticator), a QR code (and an alphanumeric code) are displayed. Enter this into your authentication app.
  • If you select Text Message (SMS), the Add Phone Number dialog box displays. Enter a phone number, and then confirm that you own the number by entering a confirmation code sent to you via SMS.
Check Login failures

Check Login failures

We show admins an overview of the login failures we have registered for Workplace accounts in the last 7 days, to help them identify any suspicious patterns in their organization.

To see an overview of login failures:

1
Go to the Admin Panel.

2
Click Security.

3
Go to the Dashboard tab to view a summary of Login failures in the last 7 days.

4
Pick the event you'd like to investigate more and click on View to check the related Security Logs.