Facebook’s ubiquity makes it dangerous in so many ways. Aside from the threat of picking up malware, the ever-present risk of someone hacking your account — plus privacy issues from Facebook itself — means you must be vigilant when using the service.
Thankfully, it only takes a few moments to make sure you’re not at risk for Facebook issues. Here are six easy ways to avoid becoming a victim on Facebook.
1. Browse With an Alternate Mobile App
Facebook’s mobile apps came under fire a few years ago when the company started forcing users to use the dedicated Messenger app instead of the main Facebook app. People who knew nothing about mobile operating system permissions made a huge fuss over the number of permissions that Messenger required, but didn’t seem to understand that the main Facebook app required all those permissions, too.
This is still the case, and if you use Facebook on your mobile device, you’re exposed by always being logged in. Both the main FB app and Messenger require access to your phone’s camera, microphone, location, contacts, and more. They have explanations for these permissions, but the reality is that you’re volunteering a lot of information by using them. Plus, since you’re logged in, the app is running even when you’re not using it.
The safest way to use Facebook on mobile is with an alternative app. These wrap Facebook’s mobile website so that your Facebook usage is contained in one app instead of spread all around your phone — and they don’t require permissions.
2. Enable Two-Factor Authentication
Two-factor authentication (2FA) is vital for protecting any accounts that are important to you. In addition to your password (something you know), it requires a code from your phone (something you have) to log in. This means that even if someone steals your password, it’s useless unless they also have your phone.
To get started with two-factor authentication, log into Facebook and visit your Security settings page. Click on Login Approvals to get started with 2FA. Facebook will walk you through the steps here. You can get codes via a text message to your phone, but using an authenticator app is better.
Click third-party app in the Code Generator section to add one. You’ll need an authenticator app for this — we recommend Authy because it lets you back up your accounts, and can sync codes across multiple devices. Follow the steps to add Facebook to your authenticator app and you’re all set.
Now, whenever you log in on a new computer, you’ll have to enter your 2FA code after your password. You can check a box to remove this requirement on your home PC for convenience.
Once you’ve enabled 2FA, make sure to print out the Recovery Codes from your settings page. Keep them in a safe place, because they’re the only way back into your account if you lose access to Authy.
3. Use a Password Manager
If there’s only one action you take after reading this list, make it this — keep a secure password for your Facebook account! A weak password is easy for malicious folks to crack, and it’s a mess to recover your account and clean up the damage this causes. Using the same password as other sites or a short password is a bad idea.
To make the burden of creating and remembering a good password lighter, you should use a password manager. We think LastPass is your best option, as it’s available for free and doesn’t charge a fee for use on mobile devices.
With LastPass, you can automatically generate a secure password made up of random numbers, letters, and symbols. You don’t have to remember anything except your master password to unlock the vault, and all your passwords are kept secure. It’s so much better than reusing “browndog73” as your password everywhere. When even you don’t know your 30-character Facebook password, it’s extremely hard for someone to crack it.
4. Log Out and Use a Privacy Browser Extension
Have you ever seen ads on Facebook for the TV you were just checking out on Amazon? That’s because Facebook tracks what you do around the web, not just on its own website. Everywhere you see a little Like button means that Facebook is running scripts on that page.
Using a wrapper app on your phone prevents Facebook from always running, so why not do the same on the web? For privacy and tracking purposes, you should sign out of Facebook when you’re not using it. Try only visiting Facebook using an incognito window for even more privacy.
If you don’t want to bother with signing out all the time, use a privacy-focused app like Disconnect to disable Facebook’s buttons and tracking around the web. It’s available for Chrome, Firefox, and Safari, and doesn’t require any configuration to use.
5. Check Your Facebook Security Settings
We mentioned that setting up two-factor authentication is important, but there are several other Facebook settings you should monitor, too. Head to your Security Settings page and have a look at these options:
- Login Alerts — Enable this and you’ll get an email whenever someone logs into your account from an unknown browser. If you see a notification that you’ve logged in and it wasn’t you, immediately change your password.
- Your Trusted Contacts — Choose a few close friends or family members whom you trust. If you ever lose access to your account and can’t get into your email to reset it, these friends can send you a special code to regain access to your account. Make sure you pick people whom you can contact through methods other than Facebook!
- Recognized Devices — When you log into your account on these devices, you won’t get an alert. Have a look through this list and make sure that you don’t see any strange entries.
- Where You’re Logged In — Like the above, review this list and make sure that your account isn’t currently active across the world.
The Apps tab contains all the services that you’ve signed into using Facebook. It’s wise to review these once in a while to make sure there’s nothing rogue here.
6. Don’t Forget About Privacy!
While security settings are important for keeping your account safe, you should also review your privacy settings to ensure that your posts aren’t being seen by unwanted parties.
Head to the Privacy tab of your settings and review these entries:
- Who can see my stuff? — This sets the default audience for your posts. Choosing Friends makes sense, as Public makes them available to anyone on the internet. The Limit the Audience for Old Posts button will convert all past Public/Friends of Friends posts to Friends.
- Who can look me up? — Whichever option you choose here affects who can search for you using your email address and phone number. You can also uncheck Allow search engines outside of Facebook to link to your profile if you don’t want Google to link to your profile.
Check your Timeline and Tagging settings to adjust what people can post about you:
- Change Who can post on your Timeline? to Only me if you get lots of unwanted posts. For a less drastic measure, enable Review posts friends tag you in… to require your approval for Timeline posts.
- Under Who can see things on my timeline?, click View As to see what your profile looks like to the internet at large, or a specific person on Facebook. Use the two options below it to change what others can see on your Timeline.
- Set Who sees tag suggestions when photos that look like you are uploaded? to No One so Facebook doesn’t suggest that friends tag you in photos.
Finally, review the Ads tab to opt out of personalized advertisements. Set the top two options to No to remove interest-based ads and choose No One for Who can see your social actions paired with ads? so Facebook doesn’t use your likes to show ads to your friends.
A Secure Facebook Account Is Achievable
You don’t have to worry about Facebook security when you apply these tips. There are risks that come with using the platform, but several built-in and third-party tools make it easier to mitigate them. It’s a certainty that the owners of most hacked Facebook accounts didn’t take the time to follow this advice.
Now that your account is secure, make sure you know how to spot Facebook hoaxes. And if you want the utmost security, the best solution is to completely stop using Facebook before it consumes your life.
Which vital security tips would you share with all Facebook users? Please share your security stories and tips with us in the comments!