Protect Your Facebook Account from Hackers

For many people, Facebook is part of their everyday life. It’s where they interact with friends and colleagues, and is seen by many as an extension of themselves. Having your Facebook account hacked can be more than just humiliating: depending on what the hackers do, it can damage your reputation or even cost you money. If you suspect that your Facebook account has been hacked, the first thing to do is change your password. This article contains other tips and tricks for boosting the security of your Facebook account.

Steps

Protecting Your Password

  1. Create a strong password. Avoid including your name, birthdate, pets, or common words in your password: make it difficult to guess.[1]
    • A strong password will be at least 8 characters in length, but the more the better. The longer (more characters) your password is, the more time it will take the hacker to crack it.[2]
    • A strong password should contain at least one of each of the following characters: lower-case letters, upper-case letters, numbers, and special characters.[2]
  2. Do not use your Facebook password anywhere else. Ensure that you create a different password for every web service/website you use.[1]
    • It’s not enough to use the same password with different numbers (e.g., password1, password2 …).[2]
    • If you’re feeling uncreative and have difficulty thinking up new passwords, use an online password generator — just make sure it’s from a trustworthy source.
  3. Use a password manager. As you create more strong and unique passwords, it will likely be difficult to remember them all. There are many good password managers available that will encrypt and safely store your passwords.
    • You might even have a password manager built into your operating system — for example, Mac users have the keychain password manager available to them for free.
    • If you don’t want to use a password manager, use a passphrase, for example: “I like big butts and I cannot lie!” might become iLbBaIcL![2]
  4. Change your password once every six months. This goes for all of your passwords — not just your Facebook one. If you find it difficult to remember to do this, set a reminder on your calendar.[2]
  5. Do not share your Facebook password with anyone. In fact, don’t share any of your passwords with anyone!
  6. Avoid using the “remember password” feature on web browsers. This is particularly important if you are not using your own computer. When the “remember password” prompt comes up and you are not at your own computer, click on the “not now” button.
    • If you have set a master password for your browser, you can use the “remember password” function: with a master password in place, anyone trying to view your saved passwords must first enter another password (one created by you).
      • Whether your browser automatically saves your passwords in a master password-protected file will depend on your operating system and your browser. You can ensure that a master password is in effect by checking your browser preferences.
  7. Only type your password into trusted computers. If you are using a computer that you don’t know or trust, avoid doing anything that requires you to enter your password. Hackers commonly use keystroke loggers on computer systems that record everything you type, including passwords.[2]
    • If it’s not possible for you to avoid typing a password into a computer you don’t trust, change your password as soon as you can once you’re back at your own computer.

Accessing Your Facebook Security Settings

  1. Log into your Facebook account. On the Facebook home page, enter your email address and password to log into your Facebook account. Ensure that you log into Facebook (and other sites) at the correct address: www.facebook.com.
    • It’s important to make sure that your address bar actually says www.facebook.com and not something like facebook.co, face.com, or facebook1.com etc. Phishers often choose sites that you may accidentally type into your address bar when in a hurry.
  2. Open your Facebook settings. Once you’re logged into your Facebook account, click on the downward-pointing triangle in the top right corner of your page (along the blue bar). This will open a drop-down menu. Just above “Log out” you’ll see “Settings.” Click on “Settings” to open your Settings menu.
    • If you need to change your password, click on the “General” tab in “Settings,” then click on “Edit” to the right of “Password.” You’ll need to enter your current password before entering in your new one, then click on “Save Changes.”
  3. Open your security settings. Once you have the Settings window open, you’ll see a number of tabs on the left side of the Settings window. “Security” should be the second tab down, just under “General.” Click on “Security” to open your security settings.
    • In your Security Settings window, you’ll see a list of settings that you can adjust. To adjust these settings, you’ll click on “Edit,” which appears (in blue) to the right of the specific settings.

Making Use of Facebook’s Security Settings

  1. Set up Login Alerts. Login Alerts send you an alert when someone logs into your account from a new device or browser. You can choose to get login alerts via Facebook notifications, email, or text messages. To activate these alerts, click on “Edit” to the right of “Login Alerts,” choose where you want the alerts sent (you’ll need your mobile phone number for text alerts), and click on “Save Changes.”
  2. Activate Login Approvals. Login Approvals gives your account an extra level of security by requesting a security code when you log in from an unknown browser. To set up Login Approvals, click on the word “Edit” to the right of “Login Approvals,” then click on “Get Started” to begin the setup wizard.
    • The most common way to access login codes is through your phone — either by text message or the Facebook app.
    • If you anticipate that you might need login codes when you do not have your phone nearby, you can get 10 codes ahead of time (which you can print off or write down, etc.) from Facebook. To do this, open the “Login Approvals” section, click on “Get codes,” enter your Facebook password, and click “Submit.”[3]
  3. Choose Trusted Contacts. Your “Trusted Contacts” are friends that Facebook enables to securely help you if you ever have trouble accessing your account. To add Trusted Contacts, click on “Edit” to the right of “Trusted Contacts,” then click on the words “Choose trusted contacts” (in blue). This will open a new window. Click on the “Choose Trusted Contacts” button to continue, enter your Facebook friends’ names into the text box, and hit “Confirm.”
  4. Review Your Browsers and Apps. Click on “Edit” to the right of “Your Browsers and Apps” to see which browsers you have saved as ones that you often use. If you see something on that list that doesn’t belong, click “Remove,” then “Save Changes.”
  5. See Where You’re Logged In.[4] Click on “Edit” to the right of “See Where You’re Logged In” to view all of the sessions that you are currently logged into. You should see apps (e.g., Facebook for desktop, Messenger, Facebook for iPhone), access dates, and locations. If you see anything that doesn’t make sense, click on “End Activity” to the right of the session.
    • If you’ve had a security scare, consider clicking on “End All Activity” (at the top of the “See Where You’re Logged In” window) just to be extra safe.
    • This is also a great option if you’re unsure of whether you logged out after using Facebook on someone else’s computer. To end your session, simply access your Security Settings, and select See Where You’re Logged In, then scroll to the session in question and click on “End Activity” to close it remotely.

Exercising Caution While Using Facebook

  1. Do not accept friend requests from people you don’t know. Scammers can create fake accounts and friend people. Once they’ve friended you, they can spam your timeline, tag you in posts, send you malicious messages, and even target your friends.[5]
    • If your birthday and location are viewable by your Facebook friends, and you regularly update your whereabouts, scammers might be able to use your details and updates to crack your passwords or even break into your home when they know you’re away on vacation.[6]
  2. Limit who can see your posts. Open your Privacy Settings by clicking on the “Privacy” tab in your “Settings” window. To the right of the tab you will see several options for adjusting your privacy, including “Who can see my stuff?” (set it to “Friends”); “Who can contact me?”; and “Who can look me up?”
  3. Be careful about what information you make public. If you are unsure of what your profile looks like to someone who is not your friend, click on the lock icon in the upper right corner of your Facebook page (it’s to the left of the down-pointing triangle). This will open a “Privacy Checkup” drop-down menu. Click on “Who can see my stuff” and then “View as” to see your profile as others see it.
    • Each time you post a status update or photo, you can select your audience. You should see a button next to the “Post” button that says either “Friends,” “Public,” or “Custom.” If it says “Public,” this means that everyone will be able to see what you are about to post, regardless of whether you are friends. Ensure that it says “Friends” if it’s something you’d prefer to keep more private.
  4. Click carefully. Your friends aren’t immune to spam. If a friend posts a suspicious link or “shocking video” or sends something strange in a message, don’t assume that they posted it on purpose.
  5. Review your account purchases regularly. If you make purchases on Facebook, be sure to review your purchase history regularly. That way, if someone does manage to get into your account and spend money, you can seek help from Facebook’s Payments Support Center.[7]
    • To review your payment history, go to “Settings” and then click on the “Payments” tab.
  6. Report spam and suspicious content. How you report something will depend upon what you’re reporting.[8] Note that you’ll need to be logged into your Facebook account.
    • To report a profile, go to the profile you want to report. In the bottom right of the cover photo, click on the ellipses (…) and select “Report.”
    • To report a post, click the down-pointing triangle in the top right of the post you want to report and select “I don’t want to see this,” then “Why don’t you want to see this?” to be brought to more specific options.
    • To report a message, open the message you'd like to report, click on the gear symbol in the top right of the message, and then click “Report Spam or Abuse.”
  7. Log out of Facebook when not using your own computer/device. This is particularly important if you’re using a computer at a library or Internet café, where many people who you do not know will use the computer throughout the day.
    • If you forget to log out, you can log out remotely by logging into Facebook, opening your security settings, and clicking on “See Where You’re Logged In.” If you’re still logged into a computer/device that isn’t yours, click on “End Activity,” and this will log you out.[1]

Protecting Your Computer/Device

  1. Use up-to-date anti-virus software. Anti-virus software helps keep your computer secure by preventing, detecting and removing malicious software. There are a number of free anti-virus programs available online (popular ones include AVG Antivirus and Sophos). If you don’t already have one, download one now, ensure that it’s kept up to date, and run scans regularly.
    • Both anti-virus and anti-malware programs are more common for desktop computers and laptops than for mobile devices. Generally, apps and updates go through an anti-virus check on the end of the provider of your mobile operating system, so at this time anti-virus and anti-malware apps are not considered to be necessary.
  2. Scan for malware regularly. Malware is able to get around Facebook’s security controls to access your account. From there, it can collect personal information, send status updates and messages that appear to be from you, or cover your account with ads that will crash your computer.[9] There are a number of free anti-malware programs available online. Facebook offers several free scanners in its help pages.[10]
    • Your computer may have malware on it if you have recently tried to watch a “shocking video” via a Facebook post; if you have visited a website claiming to offer special Facebook features; or if you have downloaded a browser add-on that claims to do the impossible (for example, allowing you to change the color of your Facebook profile).[9]
  3. Keep all software up to date. In particular, ensure that whatever browser you are using is up to date. Facebook supports Firefox, Safari, Chrome, and Internet Explorer.[10]
  4. Think before you click. This goes for sketchy looking websites, browser plug-ins and videos, and suspicious emails and notifications. If you ever receive an email asking for your password for any account that you have, do not respond. Reputable companies will never request your password over email.[11]
    • If a link looks suspicious, don’t click on it — even if it’s from someone you know. If one of your Facebook friends clicks on a spam link, they could accidentally send it over to you.[12]
  5. Know how to spot a scam. If you suspect a phishing email, forward it to phish@fb.com.[13] To avoid getting “phished” (scammed), beware of the following:[14]
    • Messages with poor grammar, spelling, and typos, as well as any strange fonts or spacing
    • Messages claiming to contain your password as an attachment
    • Images or messages with links that don’t match what you see in your status bar when you hover over them
    • Messages asking for your personal information such as your credit card info, driver’s license, social insurance number, date of birth, etc.
    • Messages claiming that your account will be deleted or locked unless you act immediately
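
The address-bar check from “Accessing Your Facebook Security Settings” and the hover check in the list above can also be done mechanically. The Python below is an added example, not part of the original article: it assumes the message claims to come from Facebook and treats only facebook.com and its subdomains as expected, and the sample links (including the .example host) are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # assumption: the only domain treated as genuine here

def host_of(url):
    """Lower-cased hostname of a URL or bare address, without a leading 'www.'."""
    url = url if "://" in url else "http://" + url
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def is_trusted_host(host, trusted=TRUSTED):
    """True for the trusted domain or a real subdomain, never a look-alike."""
    return host == trusted or host.endswith("." + trusted)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, target = "".join(self.text).strip(), host_of(self.href)
            # Only compare when the visible text itself looks like an address.
            shown_host = host_of(shown) if "." in shown and " " not in shown else ""
            if shown_host and shown_host != target:
                self.findings.append((shown, target, "text does not match target"))
            elif not is_trusted_host(target):
                self.findings.append((shown, target, "not facebook.com"))
            self.href = None

def audit(html):
    """Return (visible text, real target host, reason) for each suspicious link."""
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings

# Constructed sample message; none of these links come from a real email.
SAMPLE = """<a href="http://facebook1.com/login">www.facebook.com</a>
<a href="https://www.facebook.com/settings">Security settings</a>
<a href="https://www.facebook.com.account-check.example/">Verify now</a>
<a href="https://facebook.co/help">Help</a>"""
```

Calling `audit(SAMPLE)` flags three of the four links; only the one that really points at www.facebook.com passes.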
