How to Secure Your Facebook Account

With so much personal data contained in your Facebook profile, you definitely shouldn’t take a light approach when it comes to securing your account. The good news is that by taking a few relatively simple steps, users can reduce the risk posed by Facebook security threats. This tutorial discusses how to secure your Facebook account to ensure the account and all its information is well protected.

1. Smart Password Management

Creating a strong, unique password is perhaps the first step towards securing your Facebook account. Even so, some experts believe it’s important to update your social media passwords regularly to keep hackers at bay. As a result, you should know how to change your Facebook password.

PC

1. Open Facebook in a browser on your computer.
2. Click on the downward-pointing arrow in the upper-right corner and select “Settings & Privacy” from the menu that appears.

3. Go to “Settings.”

4. From the left side of the display, select “Security and Login.”
5. Tap on “Change password.”

6. Type in your current password and the new one twice. Click on “Save changes” below to continue.

Mobile

1. Open the Facebook app on your mobile device.
2. Tap on the hamburger menu in the upper-right corner of the display.

3. Press on “Settings & Privacy” at the bottom.

4. Select “Settings.”

5. Tap on “Password and Security” at the top.

6. Select “Change Password.”

7. Type in your current password and the new one twice, then tap on “Update Password.”

You can change your password even when you’re not logged in to your account. You’ll need to access the Facebook Accounts Page and use your email or mobile number to identify your account.

Once your account is located, you can have Facebook send you the code to reset your password via your Google account.

Additional Safety Tips

Making sure your password information isn’t readily available to third-parties is also an important part in securing your Facebook. To this end, it’s recommended that you don’t use your Facebook password anywhere else online or share it with other people.

Make your password something hard to guess, so don’t include things like your name, date of birth or other common information. Moreover, if you are known for keeping records of your passwords, take precautions and store them in a safe folder on your PC or notebook that is kept in a private place to avoid others stumbling on this information. Saving your passwords in an encrypted password manager is of course ideal.

Beyond fears of curious individuals finding or guessing your password, users also have phishing scams to worry about. To this end, you should never ever share your login information – be it with other people directly or with websites asking you to log in with your email and password via email or other types of communications. To avoid scams, always check the website’s URL before you enter your login information. Legit emails coming from Facebook concerning your account always come from fb.com, facebook.com or facebookmail.com.

2. Set Up Two-Factor Authentication

Two-factor authentication (2FA) is a security measure that adds an additional layer of protection to your account, so even if someone knows your password, they still won’t be able to get into your Facebook account, unless they are able to provide a second identity verification. This usually comes in the form of a code that gets sent to your mobile phone via an SMS or an authenticator app such as Google Authenticator.

When it comes to Facebook, you have not one but three options when it comes to adding an extra security method when you log in to your account. Here’s how to enable two-factor authentication (2FA) for your Facebook account.

Desktop

To enable 2FA via Facebook on your computer, follow these steps:

1. Go to “Security and Login” as shown above.

2. Click on “Use two-factor authentication,”
3. Here you have three options to choose from: a) authenticator app b) text message (SMS) and c) security key. Facebook recommends that you opt for an authenticator app for increased protection. For the purpose of this tutorial, we are following that advice.

4. Facebook will display a QR code and an alphanumerical code.

5. Go back to your phone and install the authenticator app, if you haven’t already. Open the app and select the “Scan a QR code” option. Alternatively, you can also enter the setup key, but the former option is more convenient. Use the phone to scan the QR code.

6. This will open an “Account added” page on your phone with the code displayed underneath. Press “Add Account.”
7. On your PC, press “Continue.”
8. Input the verification code from the app.

9. Type in your Facebook account password.

10. Congrats, your two-factor authentication is now on.

Authorized Logins

Facebook keeps track of your logins and keeps a list of where you’ve logged in the most. The app recognizes these logins as safe, but you may not agree. You’re encouraged to check out this list and decide whether certain devices/browsers should be included. This is an important security aspect you should not overlook, as Facebook allows you to log in to these devices without a code. Here’s how to view the list:

1. Go to “Security and Login.”
2. In the “Two-factor authentication” section, click on “Authorized Logins.”

3. This should bring up the list mentioned above. You can tick the devices you want to remove from the list.

4. Click “Remove” to get rid of them.

Mobile

On mobile, the process of enabling two-factor authentication is relatively similar. Again, make sure you have an authenticator app installed on your device before you start the process to ensure it unfolds as smoothly as possible.

1. In the mobile app, open up the “Password and Security” section as explained above.

2. Find the “Two-factor authentication” section and tap on the “Use two-factor authentication” option.

3. Select your preferred method (we opted for the authenticator app yet again), and tap the “Continue” button at the bottom.

4. Facebook will generate the QR code and written code. If you have both Facebook and the Authenticator app installed on the same device, hit the “Set up on same device” option, then “Continue.”

5. The authenticator app will detect your Facebook account and will add it. Press “Okay.”
6. You’ll be able to see the confirmation code in the authenticator app. Long-press on it to copy it to your device’s clipboard.
7. Go back to the Facebook app and paste the code. Press “Continue.”

8. You’ll be notified that 2FA is now on. Press “Done.”

If you change your mind about 2FA later on, you can easily disable the feature by following the steps described above to turn it off.

Authorized Logins

1. On mobile, you can also review and remove devices that you don’t want to be authorized for direct login. Tap on the “Authorized Logins” option under “Two-factor authentication.”

2. From there you can remove devices by tapping on the “X” button.

3. Use a One-time Password to Login

When it comes to logins, Facebook puts another security option at your disposal. You can login in to your Facebook account using a one-time password. It’s possible to use this option anytime you don’t feel comfortable logging in with your real credentials, such as in a public space like a library, hotel, etc. Note that this option will not work if you have two-factor authentication enabled.

Moreover, you will need to have set up “Facebook texts” prior to attempting this by going to “Settings -> Mobile” and adding your phone.

Desktop & Mobile

1. If you’re in the US, use your phone to send a text message (SMS) to 32665 with the message “otp.” If you’re outside the US, check this list to see which carriers support this option and what number you need to use.
2. Those who previously linked your phone number with your Facebook account will receive a reply containing your temporary password (six characters).
3. On the other hand, if you haven’t linked your mobile phone to Facebook, you’ll get a mail with instructions of what to do next to get possession of your code.
4. Once you receive the code, just type that in the password field in the Facebook app or website.

4. Set Up Alerts for Unauthorized Logins

Even with 2FA authentication enabled for your account, you may still feel an additional layer of security is needed. If that’s the case, know that you can opt to add login alerts. These will let you know when someone tries to log in from an unrecognized device or web browser by providing you with info about the device that tried logging in and its location. Follow the below instructions turn on alerts for your account.

Desktop

1. Go to the “Security and Login” section as we showed you in the sections above.

2. Find the “Setting Up Extra Security” section and click on the “Get alerts about unrecognized logins” option to enable the feature.

3. Once the feature is enabled, click on Edit next to the option and select how you wish to receive login alerts. You can opt to get them in the form of a in-app notification or via Messenger, although this feature will soon be retired in favor of the former. The third choice is to get the alert via your email.

4. Click “Save Changes” once you make your choice.

When login alerts start pouring in, Facebook will ask you to approve each login activity by clicking or tapping on “This was me.” If you don’t recognize the activity, then click on “This wasn’t me,” and Facebook will help you reset your password and secure your account.

Mobile

1. Go back to the “Password and Security” section on your mobile device using the steps above.

2. Under “Setting Up Extra Security,” tap on “Get alerts about unrecognized logins.”

3. Select how you want to receive these login alerts.

That’s it. Facebook will send you an alert every time you or someone else tries to log in from an unrecognized device or browser.

5. Look for Suspicious Devices

In correlation with setting up login alerts, you should be aware of which devices and browsers you use. Facebook will send you alerts containing information, such as the device’s name and location. Keeping track of all the devices you’ve recently use to log in may help you uncover any suspicious activity.

You can-cross check your recollections with Facebook’s list that records where you’ve logged in. Here’s how to access it:

Desktop

1. Under “Security and Login” you should spot the “Where you’re logged in.” Tap on “See More” to see a complete list of where you’ve logged in recently.

2. Once you spot a suspicious device or location (for instance, if you never logged in with your Facebook account on a Linux device), tap on the three dots next to the entry and select the “Not You?” option. Alternatively, you can choose to “Log Out” remotely from this device.

3. If you want to make sure you didn’t forget logging out of your account on a certain device, scroll down all the way to the bottom and click on “Log out of all Sessions.”

Mobile

1. On your mobile device, you can find the same information by going to “Password and Security” and tapping on the “See all” button in the “Where you’re logged in” section.

2. Tap on the three dots next to a suspicious entry and select the “Secure Account” option to reset your password. Alternatively, you can press “Log out.”

3. You can also swipe down all the way to the bottom and press on “Log out of all sessions.”

6. Monitor Linked Apps and Websites

Many apps and websites give you the option to log in with your Facebook credentials. While this may seem tempting due to convenience, we strongly advise against it, as we often tend to forget to revoke Facebook access once the permissions have been granted.

If you’ve done so in the past, don’t worry, as you can remove access from these apps now. We show you how below.

Desktop

1. From the Settings panel on the left side of the display, scroll down until you find “Apps and Websites.”

2. You’ll be shown a list of all the apps you’ve logged in to using your Facebook credentials.
3. If you’re curious what Facebook information is/was shared with the app, you can click on the “View and Edit” button next to the entry. Alternatively, you can simply press the “Remove” button.
4. If you chose “Remove,” you’ll be asked to choose whether you want Facebook to delete any info the app may have posted to your timeline. You can also authorize Facebook to notify the app that your login connection was removed. Finally, press “Remove” again.

Mobile

1. On your mobile device, open “Settings & Privacy” from the app.
2. Scroll down to the Permissions section and tap “Apps and Websites..

3. Tap on an app you’d like to remove.

4. Tap on “Remove.” On the other hand, if the login expired and you wish to continue the session, you can select the “Renew” button.

5. If you selected the first option, you’ll be presented with the same two options as above. Make your selection and press “Remove” once more.

7. Install an Extension/Add-on

Browser extensions or add-ons can also help with ramping up your Facebook security, such as Firefox’s Facebook Container add-on, which basically isolates your Facebook identity from the rest of the Web. With the extension onboard, Facebook cookies and site data that help identify “you” will be available only in that Container, and only the social site can be opened in that Container.

This means you won’t be tempted to log in with your Facebook credentials anymore, and your Facebook login information will be confined to the specific container.

Chrome users that are worried about phishing attacks can give the J2TEAM Security extension a try. Once installed, the extension will block fake Facebook login pages, thus preventing you from falling victim to scams. It also includes a “Facebook security tester” feature, which shows you your account’s vulnerabilities and provides you with direct links to resolve unsafe situations.

8. Do a Quick Security Check

If you don’t want to install an extension, Facebook can perform its own security check. From “Security and Login” (or “Password and Security if you’re on mobile), click “Check Important Security Settings,” and Facebook will show you how to keep your account secure and alert you of any possible issues.

It’s a simple way to know if you’ve taken the right steps to secure your account and takes mere seconds.

Frequently Asked Questions

1. Does Facebook use secure browsing (HTTPS)?

The answer is yes, and you don’t have to do anything to enable it. Facebook uses HTTPS to automatically encrypt your connection when you use the service. This protects your account from malicious parties. A secure connection is a requirement for connecting to Facebook and can’t be turned off.

2. I don’t recognize a location in the “Where You’re Logged In” section. What now?

If you see a location you don’t recognize, don’t panic. First, check if it’s related to the mobile device that you usually use to browse Facebook. Do note that often when signing in via a mobile device, you’re routed through an IP address that does not reflect your current location.

If you don’t recognize the mobile device either, it could be that you left yourself logged in on someone else’s mobile device. If that’s the case, consider logging yourself out remotely. The other option is that an unauthorized party has somehow managed to gain access to your account. If you think that might be the case, log yourself out from that particular device first, then secure your account by changing the password.

3. How can I avoid getting locked out of my Facebook account?

You can set up a list of trusted contacts (three to five friends), who, in case of emergency, can help you if you ever have trouble accessing your account. They will be able to send a code and URL from Facebook to help you log back in. You can create this list by going to “Security and Login” (or “Password and Security” if you’re on mobile) and tapping on the “Choose 3-5 friends to contact if you get locked out” option under the “Setting up Extra Security” section. From there press on the “Choose friends” button.

Image credit: Freepik