How to Protect Your Facebook Account from Hackers

For many of us, Facebook is part of everyday life. It’s where we interact with friends and colleagues, follow our favorite celebrities, and stay on top of the latest news. Many of us see Facebook as an extension of ourselves, which is why having your Facebook account hacked can be more than just humiliating. A hacked Facebook account can damage your reputation, expose private information, or even cost you money. If you suspect that your Facebook account has been hacked, the first thing to do is change your password. This minHour teaches you tips and tricks for boosting the security of your Facebook account. 

Protecting Your Password

Create a strong, secure password.

Your Facebook password should be difficult to guess, yet easy for you to remember. Avoid including your name, birthdate, pets, or common words in your password.

  • The longer the password, the more difficult it will be for others to crack. One way to create a strong password is to think of a long phrase or series of words that you can remember, but that nobody would ever guess.
  • Always include numbers, a mix of upper- and lower-case letters, and symbols in your passwords. Aim for at least 10 characters.
  • Try making an acronym out of a memorable sentence or song lyrics. For example, “I’m gonna take my horse to the old town road” could be iGTMhtthotR9! Who would guess that?

Do not use your Facebook password on any other website or app.

You should have a different password for every service you use. For example, let’s say you use the same password for Facebook as you do for TikTok. If your TikTok is hacked, the hacker can also gain access to your Facebook account.

Use a password manager.

As you create more strong and unique passwords, it will be difficult to remember them all. There are many good password managers available that will encrypt and safely store your passwords so you only have to remember one master password. Some popular options are LastPass, Dashlane, and 1Password.

  • You might even have a password manager built into your operating system. For example, if you have a Mac, iPhone, or iPad, you can use the iCloud Keychain for free.
  • If you’re using a browser that saves your passwords, such as Google Chrome, you’ll be required to enter a master password to see them in plain text. In the case of Chrome, you’ll have to enter your Google password. If it’s Microsoft Edge and you’re using Windows 10, you’ll have to confirm your default sign-in password or PIN.

Change your password once every six months.

This goes for all your passwords, not just Facebook. Set a reminder on your calendar if it’s difficult to remember.

Do not share your Facebook password with anyone.

In fact, don’t share any of your passwords with anyone! Nobody from Facebook or any other service will ever request your password.

Only log in on trusted computers.

If you are using a computer that you don’t know or trust, avoid doing anything that requires you to enter your password. Hackers commonly use key loggers on computer systems that record everything you type, including passwords.

  • If you must log in on a computer you don’t trust, you can request a one-time password from Facebook in some regions. To do this, send a text message to 32665 (if you’re not in the US, see this list for your number) containing the letters otp. As long as your mobile phone is linked to Facebook, you’ll receive a 6-digit temporary passcode you can use in the “Password” blank to sign in.
  • If it’s not possible for you to use a one-time password and you absolutely must sign in, change your Facebook password as soon as you’re back at your own computer, phone, or tablet.
  • Avoid using the “remember password” feature on computers other than your own. If you sign in to Facebook on a public computer (or even at a friend’s house), you may see a “remember password” prompt that asks if you’d like to save the password. Choose the Not Now (or similar) option, or else other users of that computer can gain access to your account.

Using Facebook’s Security Features

Set up Login Alerts.

Login Alerts send you an alert (Facebook notification, email, and/or text message) when someone logs into your account from an unrecognized location. If you get a login alert and you weren’t the one that logged in, click or tap the link to recover your account immediately. Here’s how to set up Login Alerts:

  • On a computer:
  • Go to https://www.facebook.com/settings?tab=security.
  • Click Edit next to “Get alerts about unrecognized logins.”
  • Choose how to receive notifications and click Save Changes.
  • On a phone or tablet:
  • Open the Facebook app and tap the menu (the three horizontal lines) or the large F at the bottom-center.
  • Scroll down and tap Settings & Privacy.
  • Tap Settings.
  • Tap Security and Login.
  • Tap Get alerts about unrecognized logins.
  • Choose how you want to receive alerts.

Enable two-factor authentication.

Two-factor authentication gives your account an extra level of security by requesting a security code when you log in from an unknown browser. You can choose to receive this code via SMS text message or using an authentication app like Google Authenticator. After setting up two-factor authentication, you’ll be given options for recovering your account in case you lose access to your second device (your phone).

  • On a computer:
  • Go to https://www.facebook.com/settings?tab=security.
  • Click Edit next to “Use two-factor authentication.”
  • Select Use Text Message to receive codes via SMS (most common), and follow the on-screen instructions.
  • Select Use Authentication App to use an authentication app like Duo or Google Authenticator, and follow the on-screen instructions.
  • Using a phone or tablet:
  • Open the Facebook app and tap the menu (the three horizontal lines) or the large F at the bottom-center.
  • Navigate to Settings & Privacy > Settings.
  • Tap Security and Login.
  • Tap Use two-factor authentication.
  • Tap Use Text Message to receive codes via SMS (most common), and follow the on-screen instructions.
  • Tap Use Authentication App to use an authentication app like Duo or Google Authenticator, and follow the on-screen instructions.

Choose trusted contacts in case you lose access to your account.

Trusted contacts are friends that can help you get back into your Facebook account if you ever lose access. You should only choose people that you really trust to be a trusted contact. If you have a falling out with one of your trusted contacts, then make sure to remove them as soon as possible, since they might try to hack your account. To set up trusted contacts:

  • Using a computer:
  • Go to https://www.facebook.com/settings?tab=security.
  • Click Edit next to “Choose 3 to 5 friends to contact if you get locked out.”
  • Select Choose friends and follow the on-screen instructions.
  • Using a phone or tablet:
  • Open the Facebook app and tap the menu (the three horizontal lines) or the large F at the bottom-center.
  • Navigate to Settings & Privacy > Settings > Security and Login.
  • Tap Choose 3 to 5 friends to contact if you get locked out and follow the on-screen instructions.

See where you’re logged in (and log yourself out remotely).

The “Where You’re Logged In” section tells you which devices are currently signed in to your Facebook account. If you think someone is using your account, or that you left yourself logged in somewhere else (like at work or on a friend’s computer), you can use it to sign yourself out remotely.

  • Using a computer:
  • Go to https://www.facebook.com/settings?tab=security. This shows you a list of currently signed-in locations near the top of the page.
  • Click See more to expand the list (if given the option).
  • To sign out of a session, click the three vertical dots and select Log Out. Or, if the session is not you (if you think you’ve been hacked), select Not You? instead and follow the on-screen instructions.
  • Click Log Out of All Sessions to sign out everywhere you’re logged in.
  • Using a phone or tablet:
  • Open the Facebook app and tap the menu (the three horizontal lines) or the large F at the bottom-center.
  • Navigate to Settings & Privacy > Settings > Security and Login.
  • Locate the list of currently signed-in locations.
  • Tap See all if necessary.
  • To sign out of a location, tap the three vertical dots and select Log Out. Or, if you think you’ve been hacked, select Not You? and follow the on-screen instructions.
  • Repeat until you’re signed out everywhere you want.

Check the list of recent emails from Facebook.

If you accidentally deleted an email that Facebook sent you, or if your email account was hacked and you’re afraid that the hacker got into your Facebook account, you can see a list of recent messages sent by Facebook.

  • Using a computer:
  • Go to https://www.facebook.com/settings?tab=security.
  • Click View next to “See recent emails from Facebook”. Security emails are on the first page—tap OTHER EMAILS to see different types of Facebook emails.
  • Click I didn’t do this or Secure your account if necessary.
  • Using a phone or tablet:
  • Open the Facebook app and tap the menu (the three horizontal lines) or the large F at the bottom-center.
  • Navigate to Settings & Privacy > Settings > Security and Login.
  • Tap See recent emails from Facebook.
  • Tap I didn’t do this or Secure your account if necessary.

Limit who can see your posts.

If you’ve never specifically chosen an audience for your Facebook posts, you may be sharing your information publicly. When posting to Facebook, you can click or tap the small drop-down menu above (mobile) or below (computer) the typing area to select an audience (, , etc.). If you want to go back and limit your previous posts, here’s how:

  • Using a computer:
  • Go to https://www.facebook.com/settings?tab=privacy.
  • Click Edit next to “Who can see your future posts?” to control your default posting privacy.
  • Click Limit Past Posts to change all public (or friends-of-friends) posts to friends-only.
  • Click Check a few important settings at the top of the page to run a privacy checkup for more settings to change.
  • Using a phone or tablet:
  • Navigate to Settings & Privacy > Settings > Privacy Settings.
  • Tap Who can see your future posts? to control your default posting privacy.
  • Tap Limit who can see past posts to change all public (or friends-of-friends) posts to friends-only.
  • Tap Check a few important settings at the top of the page to run a privacy checkup for more settings to change.
  • To see what your profile looks like to other people (computer or mobile), go to your profile, click or tap the three horizontal dots (…) near the top of the page, and then select View as.

Encrypt your notification emails (advanced users).

Facebook gives you the option to have all notification emails encrypted before they are sent to you. This can only be done on Facebook’s website (not the mobile app), and you’ll need an OpenPGP key to get started. To do this, head over to https://www.facebook.com/settings?tab=security, scroll down and click next to “Encrypted notification emails,” paste your OpenPGP Key into the box, add a checkmark to the box, and then click .

Exercising Caution on Facebook

Make sure you’re logging in on the correct website.

If you’re using a web browser to access Facebook, make sure the address bar actually says www.facebook.com and not something like facebook.co, face.com, or facebook1.com, etc. Phishers often choose sites that you may accidentally type into your address bar when in a hurry.

  • Be especially careful when clicking links in email messages from Facebook. Scammers may send emails that look like they are from Facebook but link to rogue sites that steal your data. If you click or tap a Facebook link in an email and you see any domain name that isn’t “facebook.com,” do not enter your password or any other personal info.

Do not accept friend requests from people you don’t know.

Scammers can create fake accounts and friend people. Once they’ve friended you, they can spam your timeline, tag you in posts, send you malicious messages, and even target your friends.

  • If your birthday and location are viewable by your Facebook friends, and you regularly update your whereabouts, scammers might be able to use your details and updates to crack your passwords or even break into your home when they know you’re away on vacation.
  • Be wary if you receive a friend request from someone you think you’re already friends with. Scammers often mimic real people’s profiles and try to make friends with their friends.

Click carefully.

Your friends aren’t immune to spam. If a friend posts a suspicious link or “shocking video” or sends something strange in a message, don’t click it—even if it’s from someone you know. If one of your Facebook friends clicks on a spam link, they could accidentally send it over to you.

  • This also goes for sketchy-looking websites, browser plug-ins and videos, and suspicious emails and notifications. If you ever receive an email asking for your password for any account that you have, do not respond. Reputable companies will never request your password over email.

Review your account purchases regularly.

If you make purchases on Facebook, be sure to review your purchase history regularly. That way, if someone does manage to get into your account and spend money, you can seek help from Facebook’s Payments Support Center.

  • To see your payment history on a computer, visit https://secure.facebook.com/facebook_pay/payment_history.
  • If you’re using a phone or tablet, tap the three horizontal lines or blue-and-white “f”, tap Facebook Pay, and then scroll down to the “Payment History” section.
  • To review your payment history, go to “Settings” and then click on the “Payments” tab.

Report someone on Facebook.

How you report something will depend upon what you’re reporting.

  • To report a profile, go to the profile you want to report, click or tap the three horizontal dots (…) near the top, select Find Support or Report Profile, and follow the on-screen instructions.
  • To report a problematic post, navigate to the post, click or tap the three horizontal dots (…) near the top, select Find Support or Report Profile, and follow the on-screen instructions.
  • To report a message, open the message you’d like to report in Facebook (or Messenger on a phone or tablet), click the gear or tap the person’s name, and select Something’s Wrong. Follow the on-screen instructions.

Block suspicious people on Facebook.

If someone is harassing you, sending you repeated friend requests, or trying to hack you, it’s best to just block them. People won’t be notified when you block them unless they try to view your account. Blocking someone removes them from your friends list and trusted contacts and prevents them from harassing you. To block someone, click or tap the three dots at the top of their profile, select , and follow the on-screen instructions.

Log out of Facebook when not using your own computer.

This is particularly important if you’re using a computer at a library or internet café, where many people you do not know will use the computer throughout the day.

Scan for malware and viruses regularly.

Malware may help hackers circumvent Facebook’s security tools to get access to your account. From there, it can collect personal information, send status updates and messages that appear to be from you, or cover your account with ads that will crash your computer. There are a number of free anti-malware programs available online. Facebook recommends ESET and Trend Micro as free scanning tools.

  • Your computer may have malware on it if you have recently tried to watch a “shocking video” via a Facebook post; if you have visited a website claiming to offer special Facebook features; or if you have downloaded a browser add-on that claims to do the impossible (for example, allowing you to change the color of your Facebook profile).

Keep all software up to date.

In particular, ensure that whatever browser you are using is up to date. Facebook supports Firefox, Safari, Chrome, and Internet Explorer.

Know how to spot a phishing scam.

If you receive an email or Facebook message asking for your personal information, it could be a phishing attempt. Always report all Facebook-related phishing attempts to Facebook via email at phish@fb.com. To avoid getting “phished” (scammed), beware of the following:

  • Messages claiming to contain your password as an attachment.
  • Images or messages with links that don’t match what you see in your status bar when you hover over them.
  • Messages asking for your personal information such as your password, credit card info, driver’s license, social insurance number, date of birth, etc.
  • Messages claiming that your account will be deleted or locked unless you act immediately.
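
The address-bar check described earlier and the hover-mismatch warning in this list can both be automated. The Python below is an added example, not part of the original article; the sample message and the account-check.example host are constructed, and it also shows why matching "facebook.com" as a substring is not enough.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

TRUSTED = "facebook.com"  # the only domain the article says to trust
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def host_of(url):
    """Hostname a browser would connect to (ignores path, query, userinfo)."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    return (parts.hostname or "").rstrip(".").lower()

def is_trusted(host):
    """True only for facebook.com itself or a real subdomain of it."""
    return host == TRUSTED or host.endswith("." + TRUSTED)

def bare(host):
    """Drop a leading 'www.' so www.facebook.com and facebook.com compare equal."""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append([href, ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def audit_links(html):
    """Return (visible text, real host, reasons) for each suspicious link."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, reasons = host_of(href), []
        if not is_trusted(host):
            reasons.append("destination is not facebook.com")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and bare(host_of(shown.group(0))) != bare(host):
            reasons.append("visible text names a different site")
        if reasons:
            findings.append((text.strip(), host, reasons))
    return findings

# Constructed sample message body (not a real email).
SAMPLE_EMAIL = """
<a href="https://www.facebook.com/settings?tab=security">Review security settings</a>
<a href="https://facebook1.com/login">www.facebook.com/login</a>
<a href="https://facebook.com.account-check.example/">facebook.com</a>
<a href="https://facebook.co/help">Help Center</a>
"""

if __name__ == "__main__":
    for text, host, reasons in audit_links(SAMPLE_EMAIL):
        print(f"{host:40} {text!r}: {'; '.join(reasons)}")
```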

Tips

  • If you’re worried your Facebook account has been hacked, change your Facebook password right away.
