How to Remove Two-Factor Authentication in Facebook Ads Manager (And Whether You Actually Should)
You can remove two-factor authentication (2FA) from your personal Facebook account — but if you're running ads through a Business Manager or Meta Business Suite, there's a meaningful catch: Meta may require 2FA for accounts with access to ad spend, and that requirement can't always be turned off. Here's exactly what you can control, what you can't, and how to make the process as painless as possible.
Why This Comes Up for Advertisers
Most people searching for this aren't trying to blow past security. They're dealing with a practical friction: a new team member who can't log in, a shared agency account that breaks every time someone gets a new phone, or a client who locked themselves out mid-campaign. Those are real operational problems, and understanding how Meta structures authentication helps you solve them cleanly.
Step 1: Understand What's Actually Enforcing the 2FA
There are two separate layers:
- Your personal Facebook account settings — you control these directly.
- Your Business Manager's security policy — an admin on the Business Manager may have set a requirement that all users on that account must have 2FA enabled.
If you're being prompted for 2FA every time you log in to Ads Manager, check which layer is causing it before you try to turn anything off.
How to Turn Off 2FA on Your Personal Facebook Account
If the requirement is coming from your personal account settings (not a Business Manager policy), here's how to disable it:
- Go to facebook.com and log in.
- Click your profile photo in the top-right, then go to Settings & Privacy → Settings.
- In the left sidebar, select Security and Login.
- Under the "Two-Factor Authentication" section, click Edit next to "Use two-factor authentication."
- You'll be asked to enter your password.
- Select Off, then click Disable to confirm.
That's it. The setting takes effect immediately. You won't be prompted for a code on your next login — as long as no Business Manager is overriding this at the organizational level.
When You Can't Turn It Off: Business Manager Requirements
Meta allows Business Manager admins to enforce 2FA for every user on the account. If your Business Manager has this turned on, individual users cannot opt out — even if they disable it on their personal account, they'll still be prompted when accessing the Business account.
To check or change this as an admin:
- Go to business.facebook.com.
- Click the gear icon (Business Settings) in the left sidebar.
- Under Security Center, look for "Require two-factor authentication."
- Admins can toggle this requirement on or off for all users, or set it for specific roles (admins only, all users, etc.).
If you're not the admin, you'll need to ask whoever owns the Business Manager to adjust this setting. There's no workaround — Meta enforces it at the account level.
The Honest Advice: Think Before You Disable It
If your real goal is reducing login friction for a team or agency, turning off 2FA is the wrong solution. Here's why it matters specifically for ad accounts:
- •Ad account hijacking is extremely common. A compromised account can drain budget in hours and get your account flagged or banned. Meta's own support process for recovering a hacked ad account is notoriously slow.
- •Payment methods are attached to ad accounts. Removing 2FA exposes stored credit cards and billing details, not just campaign data.
- •Agency and client relationships carry liability. If a shared account without 2FA gets compromised, every campaign running on it is at risk.
Better Alternatives to Disabling 2FA
- •Use an authenticator app instead of SMS. Apps like Google Authenticator or Authy are faster and more reliable than text codes, especially across time zones.
- •Set up Facebook's Trusted Devices. Once logged in on a trusted device, you won't be prompted for 2FA again on that device.
- •Use Meta Business Suite roles properly. Instead of sharing login credentials (which is what makes 2FA feel cumbersome), give team members their own user access within Business Manager. Each person authenticates with their own account.
- •Consider a password manager with TOTP support. Tools like 1Password can store both your password and your 2FA code, making the login a single step.
What This Has to Do With Ad Performance
Security and creative performance are more connected than they look. Agencies that run lean, well-structured Business Manager accounts — with proper user roles, clean billing, and protected access — tend to have more stable ad accounts. Fewer disruptions from account flags, fewer emergency escalations to Meta support, and more time focused on what actually moves the needle: the creative.
That's the layer worth optimizing. Ad creative quality is one of the highest-leverage variables in Meta advertising today. With iOS privacy changes limiting audience targeting precision, the creative itself is increasingly doing the targeting work — Meta's algorithm serves ads to people who respond to them, and the signal it learns from is engagement with your actual ad.
If you're spending time wrestling with 2FA logistics, it's worth asking whether your ad ops infrastructure is set up in a way that lets your team focus on creative testing and iteration instead.
Quick Reference
Situation Solution Disable 2FA on personal account Settings → Security and Login → Two-Factor Authentication → Off Business Manager enforcing 2FA Admin must change it in Business Settings → Security Center Team login friction Use individual user roles in Business Manager, not shared credentials Faster 2FA experience Switch to an authenticator app; enable Trusted Devices
The mechanics here are straightforward once you know which layer is enforcing the requirement. The harder question is whether removing it is actually solving the right problem — or whether a better-structured account setup would get you there without the security tradeoff.
