How To Properly Protect Your Facebook Account, Login

Martin Brinkmann
May 30, 2011
Updated • May 25, 2018

Facebook has been rolling out new or improved security and privacy features in rapid succession for the past year.

Many of the changes have only been announced on the official blog and on third-party sites like Ghacks that report on them. Facebook users who do not read the official blog or third-party sites like mine may have missed some or even all of the security and privacy changes. Most new features are added as opt-in features to the social networking site, which means that many users have not enabled them yet.

This short guide lists the important changes and some general tips to improve a Facebook account's security and login.

Facebook Account Hardening

Most security features on Facebook deal with logging in to the site. This is where we start as well.

Facebook password

Make sure you use a secure password on Facebook. The best passwords are made up of a combination of letters, numbers and special characters. It is suggested to use at least 14 characters, the more the better. Make sure that you do not use dictionary words, names or other terms that can be associated with you.

To change your password, do the following: Click on the menu icon in the upper right and select Settings from the menu. You may load directly as well to open the Settings.

Locate and activate Security and Login under Settings and click the change password link after the page has loaded.

A form opens on the same page where you need to enter your old password and the new password. A click on Change Password completes the process so that the new password will be the valid password from that moment on. You will be logged off all computers when you change the password.

Login Notifications


You can enable this option to receive emails whenever someone logs in to your Facebook account from an unrecognized computer.

  1. Select Edit next to "get alerts about unrecognized logins" on the Security and Login page on Facebook's website.
  2. Make sure that "get notifications" is checked for Notifications and/or Messenger.
  3. If you want to receive alerts by email, enable email alerts on the page as well.

Facebook notifies you automatically when it recognizes logins from devices that the service can't link to you.

Two-factor authentication

Two-factor authentication is probably the most important security feature next to selecting a secure password for your Facebook login.

The feature adds another layer to the authentication process, which means that attackers can't just use a Facebook user's email address and password to sign in anymore; they also need a secondary code that is generated in real time.

Select "use two-factor authentication" on the Security and Login website to enable the feature. You need a mobile phone for that, and may get codes via SMS or by using an authentication application.

Facebook walks you through the setup process on the website. Check out this help page on the Facebook website for additional information.

Other things you may do or enable:

  • View and manage the list of authorized devices. Remove any device that you don't recognize or don't use anymore.
  • Choose contacts that you trust to avoid getting locked out.
  • Provide Facebook with your OpenPGP public key so that the company may encrypt all emails it sends to you.
  • Check the list of recent emails sent by Facebook.
  • Verify that your contact information, especially the email address, is correct.

Is there anything else that you do to keep your Facebook login and account secure? Let us know in the comments.

Old information that is no longer valid

Secure Browsing (https)

You can open Facebook by loading and The difference? The HTTPS variant is more secure, as it uses encryption that prevents others from spying on your network traffic. That's helpful, for instance, if you connect to the site from a public computer or wireless network.

Security Question

The security question and answer are used by Facebook to identify the account owner, for instance when you contact them because you do not have access to your account anymore. It is important to select a question and answer that only you can answer. Remember that you can add any answer that you want. Instead of answering "What was the last name of your first grade teacher" with Mrs. Smith, you could instead use characters from your ID card, driver's license or a phrase that you can remember well.

You can change the Security Questions under Account Settings as well. Just select change next to Security Question this time.

Facebook Login Approvals

This new feature improves security by linking the Facebook account to your mobile phone number. Facebook sends a PIN to the linked mobile phone whenever someone tries to log in from an unrecognized computer. You need to add your mobile phone number to Facebook before you can make use of that feature.

You can configure all three options under Account Settings. Locate Account Security there and click the change button to see the following configuration options.

It is suggested to enable all three, unless you do not want to add your mobile phone to Facebook. In that case, enable the first two (secure browsing and login notification).



  1. labko xe jehanna said on June 25, 2011 at 10:26 am

    I can't open my own Facebook.

  2. Useful Articles said on May 31, 2011 at 12:31 pm

    The one about Login Notification was very useful to me. I didn’t know about that. Thanks for sharing.

  3. Dan said on May 30, 2011 at 1:39 pm

    I can’t find the security question. See screenshot below:

    1. Martin Brinkmann said on May 30, 2011 at 1:48 pm

      That’s strange.

  4. David Bradley said on May 30, 2011 at 11:00 am

    Definitely a good idea to answer security questions with a strong password instead of handing over pet’s name, mother’s unmarried name, birthplace etc…
