For many people, Facebook is part of their everyday life. It’s where they interact with friends and colleagues, and is seen by many as an extension of themselves. Having your Facebook account hacked can be more than just humiliating, depending on what the hackers do, it can damage your reputation or even cost you money. If you suspect that your Facebook account has been hacked, the first thing to do is change your password. This article contains other tips and tricks for boosting the security of your Facebook account.
1
Create a strong password. Avoid including your name, birthdate, pets, or common words in your password: make it difficult to guess.[1]
A strong password will be at least 10 characters in length, but the more the better. The longer (more characters) your password is, the more time it will take the hacker to crack it.
A strong password should contain at least one of each of the following characters: lower-case letters, upper-case letters, numbers, and special characters.
2
Do not use your Facebook password anywhere else. Ensure that you create a different password for every web service/website you use.[2]
It’s not enough to do the same password with different numbers (e.g., password1, password2 …).
If you’re feeling uncreative and have difficulty thinking up new passwords, use an online password generator — just make sure it’s from a trustworthy source.
3
Use a password manager. As you create more strong and unique passwords, it will likely be difficult to remember them all. There are many good password managers available that will encrypt and safely store your passwords.
You might even have a password manager built into your operating system — for example, Mac users have the keychain password manager available to them for free.
If you don’t want to use a password manager, use a passphrase, for example: “I like big butts and I cannot lie!” might become iLbBaIcL!
4
Change your password once every six months. This goes for all of your passwords — not just your Facebook one. If you find it difficult to remember to do this, set a reminder on your calendar.
5
Do not share your Facebook password with anyone. In fact, don’t share any of your passwords with anyone!
your other passwords and that it is a strong password.
Whether your browser automatically saves your passwords in a master password-protected file will depend on your operating system and your browser. You can ensure that a master password is in effect by checking your browser preferences.
7
Only log in on trusted computers. If you are using a computer that you don’t know or trust, avoid doing anything that requires you to enter your password. Hackers commonly use key loggers on computer systems that record everything you type, including passwords.
If it’s not possible for you to avoid typing a password into a computer you don’t trust, then change your password as soon as you can once you’re back at your own computer.
Part 2 of 5:
Accessing Your Facebook Security Settings
1
Log into your Facebook account. On the Facebook home page, enter your email address and password to log into your Facebook account. Ensure that you log into Facebook (and other sites) at the correct address: www.facebook.com.
It’s important to make sure that your address bar actually says www.facebook.com and not something like facebook.co, face.com, or facebook1.com etc. Phishers often choose sites that you may accidentally type into your address bar when in a hurry.
2
Open your Facebook settings. Once you’re logged into your Facebook account, click on the downward-pointing triangle in the top right corner of your page (along the blue bar). This will open a drop-down menu. Just above “Log out” you’ll see “Settings.” Click on “Settings” to open your Settings menu.
If you need to change your password, click on the “General” tab in “Settings,” then click on “Edit” to the right of “Password.” You’ll need to enter your current password before entering in your new one, then click on “Save Changes.”
3
Open your security settings. Once you have the Settings window open, you’ll see a number of tabs on the left side of the Settings window. “Security” should be the second tab down, just under “General.” Click on “Security” to open your security settings.
In your Security Settings window, you’ll see a list of settings that you can adjust. To adjust these settings, you’ll click on “Edit,” which appears (in blue) to the right of of the specific settings.
Part 3 of 5:
Making Use of Facebook’s Security Settings
1
Set up Login Alerts. Login Alerts send you an alert when someone logs into your account from a new device or browser. You can choose to get login alerts via Facebook notifications, email, or text messages. To activate these alerts, click on “Edit” to the right of “Login Alerts,” choose where you want the alerts sent (you’ll need your mobile phone number for text alerts), and click on “Save Changes.”
It’s a good idea to get alerts through every method that you can.
If you get a login alert, and you weren’t the one that logged in, then that means that your account was hacked. You should immediately log into your account and change your password to stop the hacker from doing any damage.
2
Activate Two-Factor Authentication. Two-factor authentication gives your account an extra level of security by requesting a security code when you log in from an unknown browser. To set up two-factor authentication, click on the word “Edit” to the right of “two-factor authentication,” then click on “Get Started” to begin the setup wizard.
The most common way to access login codes is through your phone — either by text message or the Facebook app.
If you anticipate that you might need login codes when you do not have your phone nearby, you can get 10 codes ahead of time (which you can print or write down) from Facebook. To do this, open the “two-factor authentication” section, click on “Get codes,” enter your Facebook password, and click “Submit.”[3]
3
Choose Trusted Contacts. Your “Trusted Contacts” are friends that Facebook enables to securely help you if you ever have trouble accessing your account. To add Trusted Contacts, click on “Edit” to the right of “Trusted Contacts,” then click on the words “Choose trusted contacts” (in blue). This will open a new window. Click on the “Choose Trusted Contacts” button to continue, enter your Facebook friends’ names into the text box, and hit “Confirm.”
Make sure that you only chose people that you trust as trusted contacts.
If you have a falling out with one of your trusted contacts, then make sure to remove them as soon as possible, since they might try to hack your account.
4
See Where You’re Logged In.[4] Look under the section “Where You’re Logged In” and click on “See More” to view all of the sessions that you are currently logged into. You should see apps (e.g., Facebook for desktop, Messenger, Facebook for iPhone), access dates, and locations. If you see anything that doesn’t make sense, click on “⋮” to the right of the session and click “Not you?”, and then follow the on screen directions.
If you’ve had a security scare, consider clicking on, “Log Out Of All Sessions” (at the bottom right corner of the “Where You’re Logged In” window) just to be extra safe.
This is also a great option if you’re unsure of whether you logged out after using Facebook on someone else’s computer. To end your session, simply access your Security Settings, and select See Where You’re Logged In, then scroll to the session in question and click on “End Activity” to close it remotely.
5
Check the list of recent emails from Facebook. To do this, scroll all the way down to the bottom and select View next to the option that says, “See recent emails from Facebook”. Here, you’ll be able to see a list of recent emails that Facebook sent you. This is useful if you accidentally deleted an email that Facebook sent you, or if you email account was hacked and you’re afraid that the hacker got into your Facebook account.
6
Encrypt your notification emails (advanced users). Facebook gives you the option to have all notification emails to be encrypted before they are sent to you. Simply paste your Public Key into the box and check the setting that says, “Use this public key to encrypt notification emails that Facebook sends you?” Then all emails that you receive from Facebook will be encrypted.
If you don’t know much about encryption, then it’s best to just leave this setting alone.
Part 4 of 5:
Exercising Caution While Using Facebook
1
Do not accept friend requests from people you don’t know. Scammers can create fake accounts and friend people. Once they’ve friended you, they can spam your timeline, tag you in posts, send you malicious messages, and even target your friends.[5]
If your birthday and location are viewable by your Facebook friends, and you regularly update your whereabouts, scammers might be able to use your details and updates to crack your passwords or even break into your home when they know you’re away on vacation.[6]
2
Limit who can see your posts. Open your Privacy Settings by clicking on the “Privacy” tab in your “Settings” window. To the right of the tab you will see several options for adjusting your privacy, including “Who can see my stuff?” (set it to “Friends”); “Who can contact me?”; and “Who can look me up?”
3
Be careful about what information you make public. If you are unsure of what your profile looks like to someone who is not your friend, click on the lock icon in the upper right corner of your Facebook page (it’s to the left of the down-pointing triangle). This will open a “Privacy Checkup” drop-down menu. Click on “Who can see my stuff” and then “View as” to see your profile as others see it.
Each time you post a status update or photo, you can select your audience. You should see a button next to the “Post” button that says either “Friends,” “Public,” or “Custom.” If it says “Public,” this means that everyone will be able to see what you are about to post, regardless of whether you are friends. Ensure that it says “Friends” if it’s something you’d prefer to keep more private.
4
Click carefully. Your friends aren’t immune to spam. If a friend posts a suspicious link or “shocking video” or sends something strange in a message, don’t trust that they’re doing it on purpose.
5
Review your account purchases regularly. If you make purchases on Facebook, be sure to review your purchase history regularly. That way, if someone does manage to get into your account and spend money, you can seek help from Facebook’s Payments Support Center.[7]
To review your payment history, go to “Settings” and then click on the “Payments” tab.
6
Report spam and suspicious content. How you report something will depend upon what you’re reporting.[8] Note that you’ll need to be logged into your Facebook account.
To report a profile, go to the profile you want to report. In the bottom right of the cover photo, click on the ellipses (…) and select “Report.”
To report a post, click the down-pointing triangle in the top right of the post you want to report and select “I don’t want to see this,” then “Why don’t you want to see this?” to be brought to more specific options.
To report a message, open the message you’d like to report, click on the gear symbol in the top right of the message, and then click “Report Spam or Abuse.”
7
Block people that seem suspicious. If someone is harassing you, sending you multiple repeated friend requests, had a falling out with you, or if someone claims that they are a hacker, then it’s best to just block them. People won’t be notified when they are blocked by you unless they try to view your account. Blocking people makes sure that they are removed from your friends list, trusted contacts, and prevents them from harassing you.
If somebody creates multiple fake accounts to try to stalk or harass you, then report them.
8
Log out of Facebook when not using your own computer/device. This is particularly important if you’re using a computer at a library or Internet café, where many people who you do not know will use the computer throughout the day.
If you forget to log out, you can log out remotely by logging into Facebook, opening your security settings, and clicking on “See Where You’re Logged In.” If you’re still logged into a computer/device that isn’t yours, click on “End Activity,” and this will log you out.[9]
Part 5 of 5:
Protecting Your Computer/Device
1
Use up-to-date anti-virus software. Anti-virus software helps keep your computer secure by preventing, detecting and removing malicious software. There are a number of free anti-virus programs available online (popular ones include AVG Antivirus and Sophos). If you don’t already have one, download one now, ensure that it’s kept up to date, and run scans regularly.
2
Scan for malware regularly. Malware is able to get around Facebook’s security controls to access your account. From there, it can collect personal information, send status updates and messages that appear to be from you, or cover your account with ads that will crash your computer.[10] There are a number of free anti-malware programs available online. Facebook offers several free scanners in its help pages.[11]
Your computer may have malware on it if you have recently tried to watch a “shocking video” via a Facebook post; if you have visited a website claiming to offer special Facebook features; or if you have downloaded a browser add-on that claims to do the impossible (for example, allowing you to change the color of your Facebook profile).[12]
3
Keep all software up to date. In particular, ensure that whatever browser you are using is up to date. Facebook supports Firefox, Safari, Chrome, and Internet Explorer.[13]
4
Set a password on you computer. Setting a password will make sure that your computer will stay safe even if somebody gets physical access to it.
You should also enable BitLocker on your computer if you have a “Pro” version of Windows.
5
Think before you click. This goes for sketchy looking websites, browser plug-ins and videos, and suspicious emails and notifications. If you ever receive an email asking for your password for any account that you have, do not respond. Reputable companies will never request your password over email.[14]
If a link looks suspicious, don’t click on it — even if it’s from someone you know. If one of your Facebook friends clicks on a spam link, they could accidentally send it over to you.[15]
6
Know how to spot a scam. If you suspect a phishing email, forward it to phish@fb.com.[16] To avoid getting “phished” (scammed), beware of the following:[17]
Messages with poor grammar, spelling, and typos, as well as any strange fonts or spacing.
Messages claiming to contain your password as an attachment.
Images or messages with links that don’t match what you see in your status bar when you hover over them.
Messages asking for your personal information such as your credit card info, driver’s license, social insurance number, date of birth, etc.
Messages claiming that your account will be deleted or locked unless you act immediately
