Your Facebook account isn't as safe as it could be. Unless you only just updated all your security settings, chances are your password is too weak, your information has changed, or you don't have a two-factor authentication backup.

This makes you vulnerable to losing access to your account.

Let us show you how you can secure your Facebook account right now while you can still log in. Should you forget your password, lose your phone, or get hacked, you'll have multiple ways to recover and secure your Facebook account.

1. Check Your Important Security Settings

Facebook has a neat little tool that lets you review your account's most important security settings.

Open Facebook in your desktop browser, expand the Account menu in the top right, and head to Settings & privacy > Settings. Then switch to the Security and Login screen, click the Check Your Important Security Settings link at the top, and follow the on-screen guide.

Ideally, your password should be OK, two-factor authentication enabled, and login alerts turned on. The tool will help you close those three particular security gaps, but we'll also show you how to double-check everything manually.

2. Update Your Contact Information

A fairly easy way to recover your Facebook password is through alternative contact information, such as email addresses and mobile phone numbers.

Obviously, this only works if you have access to the respective accounts. So make sure your contact information is up-to-date.

Note: To add or remove personal data, you'll need to enter your Facebook password. This ensures that no one can change your information, should you ever forget to log yourself out of your account at a publicly accessible computer.

Here are the contact details you can update and how to do so...

Email Address

Head to Account > Settings & privacy > Settings, which should send you to the General account settings. Here, click Edit next to Contact to see all the email addresses added to your account.

Make sure you have access to all these accounts, remove outdated email addresses, and add additional ones as needed. We recommend that you have at least two email addresses associated with your Facebook account.

When you add an email address, a confirmation will be sent to your primary address. As a security precaution, this confirmation includes a link that allows you to cancel the request to add a new email.

In other words, having a working email address on record is an extra layer of security, as you will be notified of changes and can prevent them, while at the same time being able to use that address to recover access to your account.

Mobile Phone Number

Now let's check the phone numbers attached to your Facebook account. Switch to the Mobile settings screen and review the phone numbers listed here.

As with the email addresses, we recommend that you have at least one backup, i.e. two mobile phone numbers added to your Facebook account.

To add a mobile phone number, you can choose between receiving a text message or a call to verify the number. You'll receive a confirmation code that you can enter on the Mobile Settings page.

Note that this only works with selected carriers. Even if your mobile carrier is supported, they might charge a fee for receiving Facebook's call or text message.

3. Update Your Password

A weak password is one of the most likely ways to get your account hacked. A strong password is just as bad if you're using it for more than one online account.

Since passwords can leak, you should also update your password about once a year.

Head to Facebook Settings and switch to the Security and Login settings screen. Under Login, click Edit next to the Change password field.

Enter your current password, followed by two copies of your new password. Click Save changes and don't forget to update your password manager or note down your password in a secure place, for example, a paper-based address book.

4. Enable Login Notifications

To receive email or text message notifications when someone logs into your Facebook account from a new device or location, set up login alerts.

Head to Facebook Settings > Security and Login, scroll down to Setting Up Extra Security, and click Edit next to the Get alerts about unrecognized logins option.

You can have the alerts sent to your Facebook account, Messenger, and any of the email addresses associated with your account; the more, the merrier.

Be sure to click Save changes when you're done.

5. Enable Two-Factor Authentication

Two-factor authentication makes it more difficult for someone else to log into your Facebook account. Every time anyone (even you) wants to log into your Facebook account from an unauthorized device, they will need to provide a security code.

You can receive this code via your primary phone number, Facebook's own code generator, or a third-party authentication tool.

To enable Facebook's two-factor authentication, go to Facebook Settings > Security and Login, scroll down to Two-factor authentication, and click Edit next to the Use two-factor authentication option.

You'll have to enter your password before Facebook redirects you to its dedicated Two-factor authentication page, where you can turn two-factor authentication on or off, manage your security methods, and add a backup method.

We highly recommend that you set up the following security methods:

  • Text message (SMS): You can use any of the phone numbers associated with your Facebook account. Since you can only use one at a time, make sure you're using the one you'll most likely have access to months or years from now. If you change your phone number, remember to update your preferred phone number here.
  • Authentication app: You can receive your login code in most third-party authenticator apps, including Duo and Google Authenticator. Just use the respective app to scan the provided QR code or manually enter a code to unlock the feature.
  • Recovery codes: When all of the above methods fail, it's good to have recovery codes as a backup. You can write the codes down or save them in a secure location.

Note that you can always log in to your account using a previously authorized computer. And it's a good idea to double-check that list from time to time.

To find it, go to Facebook Settings > Security and Login, scroll down to Two-factor authentication, then click View next to the Authorized Logins option. Remove all outdated devices or those you're not familiar with.

Your Facebook Account Saved

It goes without saying that you should log out of your Facebook account after you are finished using it. You should also be very careful with Facebook apps and where you use Facebook to log into other services.

Generally, if you follow some common-sense practices, have a strong password that you never share, and update it frequently, your account should be safe.