How To Secure Your Facebook Account

As one of the world's biggest websites with over 2 billion users, it's no surprise that Facebook is a regular target for cybercrooks.

Facebook's security is very good, but even that can be beaten - especially if all you rely on is a single password to access your account. Read on to find out about Facebook's security settings and how to make your Facebook login secure.

Jump straight to topic:

Why would anyone want to break into my account?

Facebook likes

Facebook accounts are a goldmine for criminals. You may not think that anyone would find value from accessing posts of your dinner last night or your political rants, but the real attraction is in your network. Yes, your friends are more valuable than you!

It comes down to psychology and something known as 'social engineering' (or in other words, manipulation). Your friends trust you, and are far more likely to click on a link that you posted than anything from a stranger. The criminals may even try to talk to your friends over Messenger to scam them directly.

In addition, with access to your account, the hackers may learn enough about you to steal your identity, as well as log into any websites that you have linked to your Facebook login.

Firstly, find Facebook's Security Settings menu...

For all the settings shown below you'll first need to navigate to the "Security and Login" menu. This is easy to find:

The screenshots and instructions on the rest of this page are for the desktop version of Facebook, however all Facebook security settings are accessible from your phone apps too - look for the menu items & options with the same names as below.

1. Turn on two-factor authentication

If you only do one thing from this page, make it this one! This feature, found under the "Use two-factor authentication" menu option, will ask for a code or approval every time you (or anyone else) logs in from an unrecognised device.

This will stop any hacker who's discovered your password from being able to login.

a) Enable Facebook two factor authentication

The first step in using Facebook's two factor authentication is to ensure your phone number is registered, plus (if you have the Facebook app on your phone) enabling the code generator.

Menu option for configuring two factor authentication

Step 1: From the security menu in the section "Two-Factor Authentication", find the option for "Use two-factor authentication" and click "Edit".

Two factor authentication screen

Step 2: You'll now see the Two-Factor Authentication screen; click the "Get Started" button. Note that you may sometimes be asked to re-enter your password.

Choosing the security method

Step 3: Facebook offers 2 ways to verify your identity; either by a code sent to your phone, or with a code generating app. Text messages aren't infallible so use an app if you want the best security, however many people find text messages more convenient.

Choose whichever method you prefer and follow the simple steps to set it up.

Two factor authentication is on

Step 5: Once you've set two factor authentication up (there's only a couple of steps) then you'll see a message confirming that it's active. Click Finish to close this message box.

Congratulations, you've just made your Facebook account much more secure! Now, whenever you login from a new computer or phone, you'll be asked for a single-use code in addition to your password. This could be texted to you, or if you have an authenticator app on your phone, you can get the code from here instead.

You'll only be asked for a code whenever you login from an unrecognised device - it won't keep annoying you when you're logging in from your normal phone or computer.

b) Clear up recognised devices

Now that you've enabled two-factor authentication you should do a spring clean of devices that are currently associated with your Facebook account. This will ensure that only known devices are allowed to login.

Menu option for viewing currently authorized logins

Step 1: Back in the settings and just under the "Use two-factor authentication" option is the heading "Authorized Logins". Click the "View" button.

Removing authorized logins

Step 2: You'll now see a list of devices that Facebook knows about. This list may have grown quite long over the years; start from the oldest known ones at bottom and tick the check boxes on them all. Work your way to the top until you're left with devices that you're currently using - leave them here. When you're done click "Remove".

c) Create some app passwords

When you enable two factor authentication this can cause some problems when you try to give other apps permission to login to Facebook. Often it works fine & you can enter the two-factor code, but when this doesn't work you can fall back on dedicated app passwords.

There's no need to create these just yet - wait until you need them otherwise you'd have to store them somewhere which isn't a good idea.

Menu option for getting app passwords

Step 1: From the security menu in the section "Two-Factor Authentication", find the option for "App Passwords" and click "Add".

Menu option for getting app passwords

Step 2: The menu will then expand; click on "Generate app passwords".

Introduction message about App Passwords

Step 3: You'll first be shown this message explaining about these passwords - read it and click "Generate App Passwords".

Enter the name of the app you want the password for

Step 4: Enter the name of the app you want to use this password for and click "Generate Password".

New password displayed

Step 5: Your new password will then be displayed. You won't be able to view this again so it's advisable to use it straight away. If you forget it before you use it then you can always just create a new one.

2. Enable login notifications

This setting will send you an email whenever someone logs into your Facebook account from a new device. If you have a strong password and two-factor authentication setup then you shouldn't ever need this, but it's a useful layer of security nonetheless.

Menu option for getting alerts about unrecognised logins

Step 1: From the security menu in the section "Setting Up Extra Security", find the option for "Get alerts about unrecognized logins" and click "Edit".

Configuring email notifications

Step 2: Within here you can enable email notifications for both the main Facebook site and for Facebook Messenger. Make sure you select the option beginning "Email login alerts to..." in order for them to be sent.

Re-enter your password before you can add a new email address

Step 3: You can also add new email destinations to send alerts to. Click "Add new another email or phone number"; you may first be prompted to re-enter your password.

Adding a new email address

Step 4: Enter your email address here that you want login alerts sent to. You can add phone numbers too. Click "Add", and then "Save Changes" on the main screen.

3. Clear up active sessions

Active sessions are those where you've logged into Facebook recently. If you revisit Facebook from one of these devices then you won't need to enter a password again.

These are always worth reviewing occasionally to check if there's anything there you don't recognise.

Author's note:

I was once on holiday with a friend when I received some spam sent from his Facebook account. We immediately went to these settings and saw some hackers logged into his account - we booted them out, but watched as they logged straight back in. We quickly set up Facebook two-factor authentication and changed his password to keep them out for good.

List of active Facebook sessions

Step 1: From the main Security Settings menu, at the top of the page you'll see listed all of your currently active sessions. This will tell you what Facebook thinks the device was, where you logged in from, and when that session was last used.

Deleting active Facebook sessions

Step 2: For any sessions you don't recognise, or any that are very old, then click the 3 vertical buttons icon over to the right and simply select "Log Out".

4. Set Trusted Contacts

Whilst not a feature that will prevent hackers from breaking in, Trusted Contacts is extremely useful for helping you get back into your account again should you ever lose access. Whilst you're reviewing your other Facebook account settings, you might as well set this too!

The concept is simple, you simply nominate between 3 and 5 trusted friends who can each vouch for you. Then, if you're ever locked out of your account, Facebook will give these friends each a part of a recovery code that when put together will let you back into your account.

Menu option for setting up trusted contacts

Step 1: From the security menu find the option for "Choose 3 to 5 friends to contact if you get locked out" and click "Edit".

Menu option for setting up trusted contacts

Step 2: If this is your first time setting this up then it will say "You haven't chosen any friends yet". Click the "Choose friends" link.

Introduction message about Trusted Contacts

Step 3: You'll now get a message explaining the concept and how it works. Read it, and if you're happy, click "Choose Trusted Contacts".

Adding friends as a trusted contact

Step 4: This is where you enter the friends you want to nominate - make sure you do genuinely trust them! Once you've added them (they'll be notified that you've nominated them) then click "Confirm".

Trusted Contacts set up complete

Step 5: Congratulations - you've now set this up! (don't worry, you can easily remove friends from here if you ever want to). Just make sure to remember who you've nominated in case you ever get locked out and need to call on them for help!

Have any feedback on this page? Let us know -