If you want to stay safe online, Facebook is an important part of the audit that’s required. Not only can unauthorized access reveal some of your most sensitive information, it can also lead hackers into other apps and accounts you’re connected to.
Fortunately, Facebook takes security very seriously, and has added a wealth of tools and features designed to ensure that you and only you can get access. Before your next round of News Feed browsing and status updating, make sure you switch them on.
Making your account more secure
Account protection starts with your password: the longer, and the more difficult to guess, the better. That means avoiding anything like “1234”, “password”, or your pet’s first name (especially if your pet’s name is all over your linked Instagram account).
We wholeheartedly recommend turning on two-step verification too, an extra layer of security now available on most online accounts, from Google to Twitter. It means that your account can’t be accessed with a username and password alone. In Facebook’s case, you also need a code from a phone that’s verified and linked to your account.
Get this set up by opening up Facebook settings on the web, then clicking Security and login, followed by the Edit button next to the heading marked Use two-factor authentication. You can have your extra code posted to you via SMS whenever you need to access your account from a new device, or generate codes through the Facebook app for Android or iOS.
Another option is the Get alerts about unrecognised logins one. Click Edit here then turn notifications on, and you’ll get mobile alerts and emails if someone tries to access your account from an unrecognized device (one you haven’t used before). If it’s not you doing the accessing, you can quickly block the request.
Checking for suspicious activity
Other options on the Facebook settings page on the web help you to keep tabs on where your account is being accessed. If someone has managed to get into your Facebook profile, this is where you can find out about it.
Click the Security and login tab then use the Edit buttons next to Where You’re Logged In and Recognized Devices. These screens show web browsers and phones and tablets where your account is currently active, so end the activity on any computers or devices you don’t recognize (or that you’ve sold or given away).
While you’re on this screen, use the trusted contacts option to specify 3-5 people you really trust. If you ever lose access to your Facebook account, these contacts will get a code they can pass on to you to let you back in, proving that you are who you say you are.
Another way hackers can gain access to your account is through third-party apps you’ve connected. Open the Apps page and again remove access to any apps or services you don’t need any more (like that dating app you ditched three years ago). These connections aren’t necessarily dangerous, but the fewer of them you have, the safer you are.
Protecting your privacy
Tightening the privacy around your Facebook account leaves hackers, marketers and stalkers alike with less to work with. Think twice about anything you share, and use the audience selector drop-down menu that appears under the status update box to choose who can see your posts.
Public posts can be viewed by anyone on the web, whether or not they’re friends with you. To see all the public updates you’ve posted, from your profile page click the button labelled with three dots on the cover photo, then choose View As. Meanwhile, past public posts can be hidden by going to Privacy settings and clicking Limit Past Posts.
Head to the Timeline and tagging page to control the posts other people tag you in—the second option down lets you review any tags before they go live. It won’t stop a “buddy” uploading an embarrassing photo of you (there’s not much you can do about that beyond appealing to their better nature), but it will stop the post from being tagged and showing up on your own Facebook page.
Lower down on the same page, you can set the audience for posts you’re tagged in. By default, all your friends see something you get tagged in, but you can set this to Only Me instead if you want to keep a lower profile.
Applying common sense
Restricting the audience for your Facebook posts isn’t directly linked to keeping your account more secure, but scammers and hackers will use any information they can get about you to try and wrestle your account from you—or to try and access something else, like your email, through Facebook.
You should therefore apply some common sense about who you make friends with on the social network and the sort of details you’re sharing. If your place of work, birthday, favorite movie and pet’s name are all on show in public posts, then all of a sudden it becomes a lot easier for someone else to pretend to be you with those details to hand.
Social engineering—those old-fashioned con tricks—still play a major role in today’s tech-savvy world, so beware of links coming through emails or across instant messengers that make no sense or appear to come out of the blue. Be aware of the data you share over the phone or over email, especially if you didn’t initiate the conversation.
You also need to pay attention to computer and browser you use to access Facebook. Make sure you’re running up-to-date software at all times, with a solid antivirus tool installed, and avoid any suspect-looking browser extensions or Facebook add-ons that come from unknown developers, as they may well be looking for an easy way to get into your account.
Online security has never been more important. For more information, check out our guide to protecting all your accounts.