Why would anyone want to break into my account?
Facebook accounts are a goldmine for criminals. You may not think that anyone would find value in accessing posts of your dinner last night or your political rants, but the real attraction is your network. Yes, your friends are more valuable than you!
It comes down to psychology and something known as 'social engineering' (or in other words, manipulation). Your friends trust you, and are far more likely to click on a link that you posted than anything from a stranger. The criminals may even try to talk to your friends over Messenger to scam them directly.
In addition, with access to your account, the hackers may learn enough about you to steal your identity, as well as log into any websites that you have linked to your Facebook login.
1. Turn on two-factor authentication
If you only do one thing from this page, make it this one! This feature, found under the "Use two-factor authentication" menu option, will ask for a code or approval every time you (or anyone else) log in from an unrecognised device.
This will stop any hacker who's discovered your password from being able to log in.
a) Enable Facebook two-factor authentication
The first step in using Facebook's two-factor authentication is to ensure your phone number is registered, plus (if you have the Facebook app on your phone) enabling the code generator.
Step 1: From the security menu in the section "Two-Factor Authentication", find the option for "Use two-factor authentication" and click "Edit".
Step 2: You'll now see the Two-Factor Authentication screen; click the "Get Started" button. Note that you may sometimes be asked to re-enter your password.
Step 3: Facebook offers two ways to verify your identity: either a code sent to your phone by text message, or a code-generating app. Text messages are the weaker of the two, so use an app if you want the best security; many people do find text messages more convenient, however.
Step 4: Choose whichever method you prefer and follow the simple steps to set it up.
Step 5: Once you've set two-factor authentication up (there's only a couple of steps) you'll see a message confirming that it's active. Click Finish to close this message box.
Congratulations, you've just made your Facebook account much more secure! Now, whenever you log in from a new computer or phone, you'll be asked for a single-use code in addition to your password. This can be texted to you, or if you have an authenticator app on your phone, you can get the code from there instead.
You'll only be asked for a code when you log in from an unrecognised device - it won't keep annoying you when you're logging in from your normal phone or computer.
b) Clear up recognised devices
Now that you've enabled two-factor authentication you should do a spring clean of the devices currently associated with your Facebook account. This will ensure that only known devices are allowed to log in without a code.
Step 1: Back in the settings and just under the "Use two-factor authentication" option is the heading "Authorized Logins". Click the "View" button.
Step 2: You'll now see a list of devices that Facebook knows about. This list may have grown quite long over the years; start from the oldest ones at the bottom and tick the check boxes on them all. Work your way to the top until you're left with only the devices you're currently using - leave those here. When you're done, click "Remove".
c) Create some app passwords
Enabling two-factor authentication can cause problems when you try to give other apps permission to log in to Facebook. Often it works fine and you can enter the two-factor code, but when it doesn't you can fall back on dedicated app passwords.
There's no need to create these just yet - wait until you need them, otherwise you'd have to store them somewhere, which isn't a good idea.
Step 1: From the security menu in the section "Two-Factor Authentication", find the option for "App Passwords" and click "Add".
Step 2: The menu will then expand; click on "Generate app passwords".
Step 3: You'll first be shown this message explaining about these passwords - read it and click "Generate App Passwords".
Step 4: Enter the name of the app you want to use this password for and click "Generate Password".
Step 5: Your new password will then be displayed. You won't be able to view this again so it's advisable to use it straight away. If you forget it before you use it then you can always just create a new one.
2. Enable login notifications
This setting will send you an email whenever someone logs into your Facebook account from a new device. If you have a strong password and two-factor authentication set up then you shouldn't ever need this, but it's a useful layer of security nonetheless.
Step 1: From the security menu in the section "Setting Up Extra Security", find the option for "Get alerts about unrecognized logins" and click "Edit".
Step 2: Within here you can enable email notifications for both the main Facebook site and for Facebook Messenger. Make sure you select the option beginning "Email login alerts to..." in order for them to be sent.
Step 3: You can also add new email destinations to send alerts to. Click "Add another email or phone number"; you may first be prompted to re-enter your password.
Step 4: Enter the email address you want login alerts sent to. You can add phone numbers too. Click "Add", and then "Save Changes" on the main screen.
3. Clear up active sessions
Active sessions are those where you've logged into Facebook recently. If you revisit Facebook from one of these devices then you won't need to enter a password again.
These are always worth reviewing occasionally to check if there's anything there you don't recognise.
I was once on holiday with a friend when I received some spam sent from his Facebook account. We immediately went to these settings and saw some hackers logged into his account - we booted them out, but watched as they logged straight back in. We quickly set up Facebook two-factor authentication and changed his password to keep them out for good.
Step 1: From the main Security Settings menu, at the top of the page you'll see listed all of your currently active sessions. This will tell you what Facebook thinks the device was, where you logged in from, and when that session was last used.
Step 2: For any sessions you don't recognise, or any that are very old, click the three vertical dots icon over to the right and select "Log Out".
4. Set Trusted Contacts
Whilst not a feature that will prevent hackers from breaking in, Trusted Contacts is extremely useful for helping you recover access to your account again should you ever lose your password. Whilst you're reviewing your other Facebook security settings, you might as well set this too!
The concept is simple: you nominate between 3 and 5 trusted friends who can each vouch for you. Then, if you're ever locked out of your account, Facebook will give each of these friends a part of a code that, when put together, will let you back into your account.
Step 1: From the security menu find the option for "Choose 3 to 5 friends to contact if you get locked out" and click "Edit".
Step 2: If this is your first time setting this up then it will say "You haven't chosen any friends yet". Click the "Choose friends" link.
Step 3: You'll now get a message explaining the concept and how it works. Read it, and if you're happy, click "Choose Trusted Contacts".
Step 4: This is where you enter the friends you want to nominate - make sure you do genuinely trust them! Once you've added them (they'll be notified that you've nominated them) then click "Confirm".
Step 5: Congratulations - you've now set this up! (don't worry, you can easily remove friends from here if you ever want to). Just make sure to remember who you've nominated in case you ever get locked out and need to call on them for help!