How To Properly Protect Your Facebook Account, Login

Martin Brinkmann
May 30, 2011
Updated • May 25, 2018

Facebook has been rolling out new or improved security and privacy features in rapid succession for the past year.

Many of the changes have only been announced on the official blog and on third-party sites like Ghacks that report on them. Facebook users who do not read the official blog or third-party sites like mine may have missed some or even all of the security and privacy changes. Most new features are added to the social networking site as opt-in features, which means that many users have not enabled them yet.

This short guide lists the important changes and some general tips to improve a Facebook account's security and login.

Facebook Account Hardening

Most security features on Facebook deal with logging in to the site. This is where we start as well.

Facebook password


Make sure you use a secure password on Facebook. The best passwords combine letters, numbers and special characters. It is suggested to use at least 14 characters; the more the better. Make sure that you do not use dictionary words, names or other terms that can be associated with you.
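The rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the `banned_terms` list (names, dates, dictionary words tied to you) and the look-alike substitution table are assumptions you supply, and `generate_password` avoids the problem by drawing the password at random.

```python
import secrets
import string

MIN_LENGTH = 14  # minimum length suggested in the article
# Map common look-alike substitutions back to letters (assumed, not exhaustive).
LOOKALIKES = str.maketrans("0134578@$!", "oieastbasi")


def check_password(password, banned_terms=()):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if all(c.isalnum() for c in password):
        problems.append("no special characters")
    lowered = password.lower()
    plain = lowered.translate(LOOKALIKES)  # "m@rt1n" becomes "martin"
    for term in banned_terms:
        needle = term.lower()
        if len(needle) >= 3 and (needle in lowered or needle in plain):
            problems.append(f"contains {term!r}")
    return problems


def generate_password(length=20):
    """Build a random password from the OS CSPRNG that passes every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 14-character minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample: a name and a year disguised with substitutions.
    print(check_password("M@rt1n-2011!", ["Martin", "2011"]))
    print(check_password(generate_password()))
```

A randomly generated password is best kept in a password manager rather than memorized.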

To change your password do the following: Click on the menu icon in the upper right and select Settings from the menu. You may load https://www.facebook.com/settings directly as well to open the Settings.

Locate and activate Security and Login under Settings and click the change password link after the page has loaded.

A form opens on the same page where you need to enter your old password and the new password. A click on Change Password completes the process so that the new password will be the valid password from that moment on. You will be logged off all computers when you change the password.

Login Notifications


You can enable this option to receive emails whenever someone logs in to your Facebook account from an unrecognized computer.

  1. Select Edit next to "get alerts about unrecognized logins" on the Security and Login page on Facebook's website.
  2. Make sure that "get notifications" is checked for Notifications and/or Messenger.
  3. If you want to receive alerts by email, enable email alerts on the page as well.

Facebook notifies you automatically when it recognizes logins from devices that the service can't link to you.

Two-factor authentication

Two-factor authentication is probably the most important security feature next to selecting a secure password for your Facebook login.

The feature adds another layer to the authentication process: attackers can no longer sign in with just a Facebook user's email address and password, but also need a secondary code that is generated in real time.

Select "use two-factor authentication" on the Security and Login page to enable the feature. You need a mobile phone for that, and may get codes via SMS or by using an authentication application.

Facebook walks you through the setup process on the website. Check out this help page on the Facebook website for additional information.

Other things you may do or enable:

  • View and manage the list of authorized devices. Remove any device that you don't recognize or don't use anymore.
  • Choose contacts that you trust to avoid getting locked out.
  • Provide Facebook with your OpenPGP public key so that the company may encrypt all emails it sends to you.
  • Check the list of recent emails sent by Facebook.
  • Verify that your contact information, especially the email address, is correct.

Is there anything else that you do to keep your Facebook login and account secure? Let us know in the comments.

Old information that is no longer valid

Secure Browsing (https)

You can open Facebook by loading http://www.facebook.com/ or https://www.facebook.com/. The difference? The HTTPS variant is more secure, as it encrypts the connection, which keeps others from spying on your network traffic. That is helpful, for instance, if you connect to the site from a public computer or wireless network.

Security Question

The security question and answer are used by Facebook to identify the account owner, for instance when you contact them because you do not have access to your account anymore. It is important to select a question and answer that only you can answer. Remember that you can add any answer that you want. Instead of answering "What was the last name of your first grade teacher" with Mrs. Smith, you could instead use characters from your ID card, driver's license or a phrase that you can remember well.

You can change the Security Questions under Account Settings as well. Just select change next to Security Question this time.


Facebook Login Approvals

This new feature improves security by linking the Facebook account to your mobile phone number. Facebook sends a PIN to the linked mobile phone whenever someone tries to log in from an unrecognized computer. You need to add your mobile phone number to Facebook before you can make use of that feature.

You can configure all three options under Account Settings. Locate Account Security there and click the change button to see the following configuration options.


It is suggested to enable all three, unless you do not want to add your mobile phone to Facebook. In that case, enable the first two (secure browsing and login notification).


Comments

  1. Ross Goodman said on March 6, 2015 at 1:51 pm

    I must admit I don’t mind the reminder.
    I use that as a trigger for an annual review.
    The week of their birthday I scan their contact details, LinkedIn, Facebook & Twitter to make sure I have all of their public contact information up to date.

    That and also send them a quick message.

    Pro Tip – I also have a script that on a daily basis will choose a contact at random for review.

    Ross

  2. Karl said on March 6, 2015 at 5:33 pm

    You da man, Martin! Do you know how many people on Reddit shot me links and it wasn’t until your article here that I ever saw a page like “Contacts only?” Google really doesn’t want you to find this info! Lol!

    1. LegoActionFigure said on March 6, 2015 at 6:55 pm

      They didn’t hide it… if you’ve only accessed the calendar through Gmail from its tiny reminder notice interface, then you wouldn’t know how much more you can do with it. If you click the 9 boxes icon to access Google services, you can go to the full Calendar at any time and edit, add, change stuff at whim. Changes I make to the full calendar get updated to my Android’s calendar and vice versa with the only difference is having a full keyboard to type when I’m on my desktop/laptop is better than Swyping or poking contact and event information into the tiny calendar APP.

  3. PhoneyVirus said on March 6, 2015 at 9:42 pm

    Every comment has a point and absolutely right, Google tries really hard to hide their settings, it was last year where I stopped using Google services altogether but two gmail and photos. There was one point in time where I was going to change every account that was using gmail address, results it would’ve been more than just a headache and stuck with it.

    Thanks for the Preview Martin

  4. rae pollock said on January 7, 2017 at 10:15 pm

    I turned off FB on my android phone. When I turned it back on, all of the birthdates appeared along with holidays, etc. I do not like this feature as it does not allow me to notice the appointments that I place on my calendar. Please tell me how to delete. When I go onto calendar on my android, it does not have settings, so unable to delete or change calendar. I don’t want notifications to appear when the birthdays are approaching, but I don’t want them to be on the calendar 24/7. HELP

  5. Daniel Demetri said on December 18, 2018 at 3:16 am

    Google’s built-in calendar lets you turn off birthdays from your circles, but it does NOT let you turn off the import of Google+ birthdays into your contacts. So if you have a contact with an email address that matches a Google+ profile then their birthday is forced onto your Birthdays calendar.

    Obviously this is annoying as heck, so I built a replacement Birthdays calendar without this problem:

    https://better-cal.appspot.com

  6. Tracy Fletcher said on August 17, 2023 at 4:56 pm

    Hello, I am desperate for help please.
    I often list items for sale via facebook market place. One of my items out of 80 items on sale, was getting a strange amount of views. I had listed it before for about a year and it only ever reached a few hundred views or so. This time it had reached about 19,000 views in one week, which was fake and abnormal. I was getting horrible pm’s from people on it, really nasty mocking my costume and myself.
    I had to take the time down, reported everything to facebook they did not thing!

    I then took it down for 3 weeks and have just put it back up and same thing is happening again. If I click the 3 little dots by the message it says leave group, but what group, it doesn’t tell me nor is there a link. I am in a few local buy sell groups or community groups, but how do I know which one it is?
    Any help how to stop this would be appreciated as someone said they think I’m being tagged in a group, but what group I don’t know, it’s not nice.

    1. Mystique said on August 26, 2023 at 10:08 am

      It has been a long time so I can’t say for sure but I think you can prevent people from tagging you and last I knew it asks you if someone has tagged you and then you can decline it.

      If Facebook doesn’t help you then it’s clear that they don’t care about you and you should maybe think at the very least about moving your sales elsewhere.

  7. John G. said on August 20, 2023 at 11:30 pm

    These short articles aren’t worth the time spent reading. I am very disappointed with them.

    1. owl said on August 21, 2023 at 4:55 am

      This article is
      Martin Brinkmann
      Mar 6, 2015
      Updated • Sep 29, 2018
      Facebook, Tutorials

      In short, it was a topic of its time and may not be useful in today’s world.
      Subscribers should pay attention to the “article creation and update dates”.

      1. John G. said on August 26, 2023 at 11:07 pm

        @owl, I beg your pardon, however I didn’t comment here this comment but in one of Emre Çitak. I see posts of mine in some other articles too with some old dates. I hope someone will fix this issue soon.

  8. yanta said on August 21, 2023 at 7:18 am

    What is this? A sales pitch for Facebook?
    Facebook is an untrustworthy organization and its apps are junk.
    Go out and do something real. Like meet your neighbors and have a BBQ
    Why anyone would want to share details of their private life on like is bewildering.
    Must be all those endorphins one receives when someone likes a post.

    1. owl said on August 21, 2023 at 8:29 am

      @yanta,

      I really like your comment!

  9. Russ said on August 24, 2023 at 1:30 am

    Am I the only one seeing the ghacks article’s comment section mix-ups? Recent articles with commenting dated from years ago, on subjects having nothing to do with the article. This has been occurring now for a couple of weeks as far as I can tell.

  10. Michael Kiser said on August 24, 2023 at 12:38 pm

    Well I know what the word “META” means now in Hebrew. And it sure enough looks like it’s going down! Facebook is doing all it can to take away free speech. I can’t post anything that has got to do with the bible.

  11. Anonymous said on August 26, 2023 at 11:28 am

    I can’t wait until they pull out of Android and make Messenger iOS only too while they are at it. Why do they hate poor people?

  12. D.C. said on August 30, 2023 at 10:01 pm

    It’s odd how the “largest known covert digital influence operation” may not have been seen by any actual users.

    “The campaign, which lasted over a year, garnered few, if any, eyeballs from real social media users, based on Meta’s analysis.”

    https://www.politico.eu/article/china-behind-largest-ever-digital-influence-operation-says-meta/

  13. John G. said on August 30, 2023 at 10:21 pm

    Chinese accounts… even the reality is harder than expected. By the way, comments are still broken. Is there any intention to fix them? :S

  14. Anonymous said on September 2, 2023 at 9:16 am

    Imagine paying for Facebook. If I were forced to pay for social media at gunpoint I’d easily pick Twitter despite its flaws.
    You know even if it’s full of landmines from across the spectrum there are way more people my age. Doesn’t really matter what politics they have, they’re all my sisters and even if someone is at the complete opposite of me politically I’d still feel closer to them over the 50 and 60 somethings.

    Even if we have different opinions we are all screwed the same and have more in common than we’d like to admit.

  15. g. said on September 2, 2023 at 1:37 pm

    If they didn’t make it prohibitively expensive, then I would 100% pay for ad-free facebook. I’ve been wanting this since forever, just give us the choice to not see the frickin’ ads.

  16. Anonymous said on September 2, 2023 at 8:08 pm

    Glad I never got into social media.

  17. John G. said on September 5, 2023 at 10:06 pm

    Interesting article, however the unresolved issues here with the comments is very discouraging for us the readers. I haven’t found any explanation for this kind of problems by any responsible of this site, so I think this problem will last for some undefined time. Anyway, I will start soon my first job as forestal engineer so it’s probably that I will have not too much time to comment as before. Please keep on the good job with some interesting articles and fix the comments as soon as possible! :]

  18. ECJ said on September 6, 2023 at 3:09 am

    It would be more helpful if Facebook could just remove their entire website.

  19. Anonymous said on September 17, 2023 at 4:50 pm

    “Considering that only a minority of users is willing to pay for an ad-free experience, Meta would have to keep the regular versions for the rest of users.”

    Just like the Be-spied-on “business model”, Pay-or-be-spied-on is still illegal under GDPR (*), even if it’s something that is encountered more and more often those times from many companies on the internet that do not respect the privacy laws and think they can comply instead with an unofficial version of those that they have written themselves. Which in practice is true because those laws are hardly applied, every judge and regulatory agency in Europe that has something to do with privacy laws crumbling under the bribes of Facebook and the like, and not even trying to do that quietly (see noyb dot eu). But there has to be a limit on how long they can delay justice against them.

    “it is likely reduced, but it is unclear, if it is disabled entirely for paying users.”

    What would be funny is if users end paying *and* being spied on, which would not be surprising from Facebook. After all how would one know what Facebook does ? They are already spying while it is illegal to do so, how would paying them deter them more from breaching our rights ? And it’s not like they are not known for being pathological liars as a company, too.

    (*) https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=FR
    ” (42) […] Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.”

  20. Anonymous said on September 18, 2023 at 9:12 pm

    @Martin. In your first paragraph, ‘edge’, not ‘Edge’.

  21. plusminus_ said on September 18, 2023 at 11:58 pm

    lmao, half of the captcha that shows up after submitting is hidden, so… I can’t submit. Classic.

  22. Steve S. said on September 19, 2023 at 3:23 am

    Re: Sept 18, 2023 article, Ask Meta to delete or block your personal data from third-party sources for AI training

    I tried the page a few days ago. I’m in the US and selected the option two. I input my personal info – the same used for my FB account – which I haven’t signed into for a year or more. I got the following response from Facebook, basically brushing me off:

    “Hi,
    Thank you for contacting us.
    Based on the information provided, we were unable to process your request. To help us process your request, please provide examples or screenshots that show evidence of your personal information (for example, your name, address or phone number) in responses from Meta’s generative AI models. Once you provide this evidence, we would be happy to investigate further.
    If you have any questions about how Meta uses information from our products and services, please see our Privacy Policy: https://www.facebook.com/privacy/policy
    To learn more about generative AI, and our privacy work in this new space, you can review the information we have in Privacy Center: https://www.facebook.com/privacy/genai
    Thanks,
    Privacy Operations”

    The page didn’t ask for any “information”. Maybe because I’m in the US, Facebook won’t do anything? Maybe the page coding is messed up? Maybe this only works if you provide proof of AI use of your PII? Maybe it’s all just sound and fury signifying nothing?

    Today I tried again, but the captcha challenge is formatted so you can’t see all the photos and can’t scroll or enlarge the pop-up.

    Not even half-baked, I’d say..

  23. Story Snooper said on September 19, 2023 at 10:25 pm

    I must say, this development from Meta is intriguing! The idea of ad-free versions of Facebook and Instagram is a breath of fresh air, especially for users like me who have been increasingly bothered by the overwhelming ads on these platforms.

    Living in the EU, I appreciate the GDPR regulations and the push for more privacy-focused options. However, I’ll be curious to see how Meta plans to monetize these ad-free versions. Will they be subscription-based? If so, what will the pricing model look like? Will there be additional features or benefits for subscribers?

    While the prospect of a less cluttered and more private social media experience is enticing, it’s important that Meta maintains a balance between user privacy and revenue generation. Striking that balance will be key to the success of these ad-free versions.

    I hope Meta also considers extending this option to users outside the EU in the future. It would be great to see such privacy-centric alternatives available globally.

    Additionally, I recently came across an interesting tool called “Instagram Story Anonymous” at storysnooper.com, which allows users to view Instagram Stories anonymously. It’s another example of how privacy-conscious individuals are seeking alternatives to maintain their online privacy. It will be interesting to see if Meta’s ad-free versions address similar concerns.

    Overall, I’m cautiously optimistic about this development and will be keeping a close eye on how it unfolds. What are your thoughts on this, fellow readers?
