Tech Q&A: Another solution to prevent Facebook hack is an authenticator app

I recently wrote about how to reclaim your Facebook account after it’s been hacked (see But several readers said it’s not so easy to recover a Facebook account.

They report that the recovery process Facebook offers its users is slow and sometimes doesn’t work at all. There’s no fix I can suggest for that, because Facebook is in control of when or if it returns hacked Facebook accounts to users. But I can suggest a way to reduce your chances of being hacked, or to improve your chances of account recovery if you are hacked: Add an “authenticator app” to the device on which you log in to Facebook.

When an authenticator app is set up with a website like Facebook (see, it adds a layer of security that you won’t even notice. You’ll log in to the Facebook site with your username and password as usual, and Facebook will recognize both you and the device you’re using (computer, phone or tablet). The authenticator app only comes into play if someone tries to log into your Facebook account using an unrecognized device. Facebook then creates a temporary passcode (it lasts only 30 seconds) that’s based on some authentication standards and the time of day — but Facebook won’t tell anyone what that code is.

If the person using the unrecognized device is you, your authenticator app will calculate the same code in the same way, then display it so that you can type it onto the Facebook page. When the codes match, your identity has been “authenticated” and Facebook will allow you to sign in.

But if the person using the unrecognized device is a hacker (who has stolen your username and password), he or she won’t have the temporary passcode and won’t be allowed to sign in.

Wait a minute, you say. Isn’t this just a fancy description for the “two-factor authentication” that Facebook offers — the company will text you a verification code that you can type into the website to prove your identity?

No. While authenticator apps are a form of “two-factor authentication,” they’re much safer than a texted Facebook verification code.

Why? A texted verification code can be intercepted by a hacker who imitates your cellphone number and thus receives all your text messages. Without that texted verification code, it’s hard to prove who you are. As a result, you might be locked out of your Facebook account forever.

Authenticator apps get around this problem by letting you generate your own verification code. That makes you less likely to be hacked, and more likely to recover your account if you are.

Some well-known free authenticator apps include Authy, Google Authenticator, Microsoft Authenticator (see

Question: I’d like to use a Dell OptiPlex 980 PC with Windows 10 as a home media server that would send photos, music and videos to another PC, two iPads and two iPhones. I’d also like to able to access it remotely over the internet when I travel, and to have at least password protection. Can you suggest some free, or at least inexpensive, media server software that can do all that? — D.M., Milan, Mich.

Answer: Most media center programs won’t work for you because they’re TV-centric — they send TV or internet video to other devices, or send your files to a TV. You need the rare program that just redirects just your personal files from a server to a computer, phone or tablet.

There are a couple of programs that might fit your needs. Check out the free MediaPortal (see software that runs on Windows, or Emby (see, which costs $5 per month, and runs on the Windows, Mac and Linux operating systems.