Take 6 Minutes to Secure Your Facebook Account

Facebook is appearing more and more under the spotlight for security and privacy concerns these days, and its power to literally sway entire populations and governments into a particular way of thinking (watch ‘The Great Hack’ on Netflix) is pretty scary. For that reason, it’s regularly the target of highly sophisticated hackers, including those (allegedly) employed by people in positions of power for their own gain.

Russian spies aside, it’s also possible that your own Facebook profile is at risk of access by someone much closer to home. A disgruntled customer, a difficult colleague, or even a partner or family member that you’ve fallen out with.

So here’s a review of four key areas that you should direct your attention to. Once you’ve run through this list and implemented a few easy changes – which will take less than ten minutes – you’ll feel a whole lot better about your Facebook access, and more confident knowing your account is a little more secure.

In summary, the below will help you to:

Stop others from logging into your account
Understand who (if anyone) currently has access and when they last accessed your account
Regain access in the event that you get logged out
Assign someone to tidy-up your account in the event of your passing

Note that I’m not going to talk about setting a secure password that can’t be guessed or easily hacked, as that should be a given! (Just quickly, though, long passwords are going to be significantly more secure than short ones. The easy win is a long but unusual sentence that includes some capitals, numbers and special characters. Think ‘Ican’t*believe*mydogclimbedatree!!’ rather than ‘Pa55word!’.)

Most of these settings are found under ‘Facebook > Settings > Security’, except for ‘Memorialisation’ which is found under ‘Facebook > Settings > General’.

Let’s get started!

I want to prevent someone from logging in, even if they have my password.

Even if you have a great password, there’s a risk that either:

Someone will hack it
Someone will see you enter it
Someone will access a device you’ve previously used and have saved your password to

So, luckily there’s a way to ensure that only you can access your account even if someone has access to your password. This is through the use of two-factor authentication.

What’s two-factor authentication?

Logging in to an account usually requires a username and a password. With two-factor authentication, after entering these details you’ll be asked for some extra info – typically a temporary code – before you can unlock the account.

Please do this. Someone guessing or having access to your password – or to a saved browser/device – is the easiest and most common way for your account to be accessed. It’ll sound inconvenient but you can actually save a particular device – typically your phone – to not have to go through this process more than once, unless unusual activity is detected.

The two main ways to get this extra code at the time of you logging in are via either receiving a text message from Facebook to a mobile device that you’ve previously approved, or via using a special app. For the latter, after getting set up, you’ll open the app each time you log in and it’ll present you with a special 6-digit code that changes every 30 seconds. Enter this code into Facebook and you’re in.

If that sounds like too much of a struggle (really, who wants to go through this process every time you open your Facebook app) then you can set one (or multiple) devices to not need two-factor authentication.

What if I lose my phone?

Don’t panic. Facebook will have alternative ways to help you verify your identity, but the best option is to use one of the various back-up methods. These include:

Using an app
Using a text message
Using a pre-arranged code (that you’d need to store somewhere safely)
Using a pre-arranged USB

Passwords can be hacked. Adding two-factor authentication is a huge step towards a safer account. Once you get used to it, you’ll be setting up the same system for various other accounts that you use.

To get started, head to:

Facebook > Settings > Security >scroll to ‘Two-factor authentication’ > click ‘Use two-factor authentication’

Log out of all Facebook devices at once.

Review third-party apps and websites with Facebook access.

I think someone else may have logged into my account.

If you suspect that someone may be logging into your account on another device (computer, phone, tablet, gaming console, etc.) or even just in another browser window, then there are two actions you can take to remove everything except the device you’re currently using. There’s no harm at all in doing this – if you have another device that you want to be logged into Facebook, then you can just return to that device and log yourself back in at your leisure.

See (and remove) all devices that have recently accessed your account

You can see a full list of devices that have logged into your Facebook account, including a history of recent sessions as well as those that are currently active.

Facebook > Settings > Security > scroll to ‘Where you’re logged in’

Don’t panic too much if you see lots of repeat sessions. Facebook is counting each app that has used a Facebook session, including the Messenger app as well as the main Facebook app itself. This could also include other apps by Facebook, for example those who are using the Facebook Pages and Facebook Ads apps to manage business accounts.

If in any doubt at all, or even as a regular tidy-up, you can click the link for ‘Log out of all sessions’ in the bottom right of this section. At this point you’ll get a pop-up with a secondary option to ‘Secure your account’. Do this if you think that others may have logged into your account. It’ll also help you find out if any changes have been made to your account without your knowledge.

Hi Mark, let’s secure your account
To help keep your Facebook account secure, we’ll take you through a few steps to change your password and make sure any recent changes to your account came from you.

See (and remove) all authorised logins

If you’ve ever logged into Facebook and checked a box to ‘Remember me’, ‘Remember my login’, or ‘Save this password’, then you’re at risk of someone using that same device to access your account without the need to log in.

To review those logins and remove all authorised devices so that they’ll be prompted for a password when next used, head to:

Facebook > Settings > Security > scroll to ‘Two-factor authentication’ section > click on ‘Authorised logins’

This will give you a list that includes a checkbox next to each one. As you can see from my screenshot, this is a long list that can go back years! There’s also no ‘Select all’ option so you’ll need to check each one manually, then click ‘Remove’.

Check and remove any other apps and websites with access to your Facebook account.

If you’ve ever interacted with third-party apps and websites – particularly those such as games, quizzes and surveys – it’s likely that you’ve given those sites access to your Facebook details and even data such as your friends’ public Facebook information.

To review the apps and websites that have access, you can navigate to:

Facebook > Settings > Apps and websites

In this area you can also remove those apps and websites. It’s worth noting that I use Facebook heavily for business and yet I don’t require any third-party apps and websites to have access through this area, so feel free to go ahead and remove everything. If you regularly use an app or website that you’d like to use your Facebook profile with, you’ll be prompted to login and re-accept this connection the next time you use the service.

Set your legacy contact for memorialisation.

I want someone that I trust to access my account (or help me to).

There are two occasions where you may want to use your trusted contacts to help with access to your account.

One is memorialisation. This is designed to help ‘wind down’ your account in the event of your passing. Speaking from experience, this is definitely worth setting as it’ll help prevent upsetting notifications such as birthday reminders for friends and family that have passed away.

To do this, you’ll need to set a ‘Legacy Contact’ by heading to:

Facebook > Settings > General > click on ‘Memorialisation settings’

Facebook says:

Choose someone to look after your account after you pass away. They’ll be able to:

Manage tribute posts on your profile, which includes deciding who can post and who can see posts, deleting posts and removing tags

Request the removal of your account
Respond to new friend requests

Update your profile picture and cover photo
Your legacy contact can only manage posts made after you’ve passed away. They won’t be able to post as you or see your messages.

The second is ‘Trusted contacts’. Facebook recommends setting 3 to 5 friends as those that you trust to help with accessing your account in a lock-out incident. To be clear, they won’t be able to access your account whenever they like. Rather, in the event that you get locked out, you’ll be able to contact your friends (in the real world) and then have them send you a code and a link to click to help you get yourself logged back in.

This is under:

Facebook > Settings > Security > scroll to ‘Setting up extra security’ > click on ‘Choose 3 to 5 friends…’

Once you add your friends they’ll receive a notification letting them know they’ve been added.

Feel better?

This isn’t a complete list, but if you’ve completed the above then you’re now in a much better position to prevent others from accessing your account and also to help others move on and tidy-up your account in the event of your passing.

If you have any questions or concerns, please don’t hesitate to ask in the comments below.

Photo credit: Main ‘phone and laptop’ photo used in this post by Tim Bennett.

Sign-up to receive email notifications of new posts

0 replies

Take 6 Minutes to Secure Your Facebook Account