If you’re like the average Facebook user, you have 130 Facebook friends. Those friends may include your mom, your best friend from 5th grade, your boss. (If your friends list includes people you don’t know, you should audit your account right now. )
Now, what happens if your Facebook account is taken over by a spammer or a scammer? Or maybe a disgruntled ex gets control of your profile and starts posting shameful things on your friends’ walls. Could you brush it off and tell yourself, “It’s just the Internet. Who cares?” Probably not.
Hackers are out there—helping each other to take advantage of lax security. So here’s what you need to know to keep strangers out of your account. If you’re in a hurry, the most important information is on top.
Use a strong password and don’t let your browser remember it
Your password is the key to your Facebook castle. If it isn’t strong, if it includes things that your friends and exes can guess, you’re leaving your drawbridge wide open. Creating and remembering strong passwords isn’t easy. That’s why we recommend this simple system.
And tell Firefox, or whatever browser you use, that you don’t want it remembering your passwords. Don’t make life easier for hackers. (To clear your passwords in Firefox, go to “Tools” then “Clear Private Data” the close and reopen Firefox.)
Use unique passwords for all of your important accounts (and update them whenever you go the dentist)
For any account that really matters—your email, your bank and credit card accounts, Facebook—you need to use a unique, strong password that you do not use for any other account. Whenever a site is hacked, you see that this creates a security crisis across the Web. Why? People reuse passwords. Don’t be one of those people.
And yes, you should update the passwords of your most important accounts. How often? Some say every month. Some say every few months. How about whenever you’ve just gotten home from the dentist? You’ll be in the mood for a little pain. And if you’re the kind of a person who sees a dentist more than twice a year, you should be as careful with your passwords as you are with your teeth.
Of course, if you recognize any suspicious account activity in your account, change your password immediately.
Make sure your system software and Internet security are updated
All the security in the world won’t help you if your PC is infected with a keylogger that can track every letter you type. Updated system and Internet Security can’t stop you from making security mistakes. But it can prevent most of the common attacks out there. Our free Health Check will tell you if your PC is protected.
Watch where you click and watch where you land
Cybercriminals have mastered a devious method of stealing passwords: they ask you for them. This method is called Phishing and it works because it’s easy to make any webpage in the world look official and reputable. A page that looks just like a Facebook profile can be replicated in minutes. That’s why you always need to check the URL in your browser to make sure you’re on Facebook whenever you enter your private information. And if you ever have any doubt about something that has been posted in your newsfeed, follow the Golden Rule of Social Media Security and don’t click.
Always log out
You’re not keeping hackers out by staying logged in. They still can get in and you’re leaving your account open for a snarky co-worker or invasive family member to pry. And once someone is inside your account, they can change your password to keep you out.
How To Make Sure You Can Get Your Account Back If It Is Hacked
If you start using a new email account, update Facebook settings
If your account is hacked, you need access to the email account you have in your settings. If you can’t get into that email because it’s closed, you’ve just greatly limited your chance of recovering your account.
Do what Facebook recommends
Facebook now rates how secure your account is. It’s a powerful feature, as long as you take it seriously. If your account “Overall Protection” is rated “low”, Facebook will prompt you to add some information. Do this!
Add a secondary email
Facebook asks for a secondary email. This helps Facebook because now it will be able to connect you with more friends. And it helps you if you ever lose access to your primary email, or if your primary email gets hacked. So only add a secure email account with a unique password.
You can add your secondary email by going to “Account” > “Account Settings”> Find “Email” and click on “change”.
Add your mobile number
Adding your cell phone number gives you a secondary way to claim your hacked account. It also gives you the ability to get one-time passwords, which I’ll explain later. To change or add your mobile number, go here. On that same page, be sure to edit your notifications or Facebook will be texting you nonstop.
Keep in mind that your Facebook account security now depends on your mobile security, so I recommend that you have some way to lock or wipe your phone if you lose it. Our Free Anti-Theft for Mobile does just that.
Add a strong security question
Make sure you choose a question that only you can answer. The last five digits of your driver’s license are probably better answer than the name of your first pet—since your friends and family may know that. The worst answer, of course, would be one that a stranger could figure out by looking at your profile.
For Extra Protection
Activate Account Protection
Want to be notified whenever a new computer logs into your account? Activate Account Protection.
Why would you want to do this? Because if someone gets into your account on a device you don’t recognize, you can login to Facebook and “end activity” on that login. Then you can, hopefully, change your password before the intruder does.
Once you activate this feature, you’ll have to identify ever device you login from. It’s slightly annoying, but it gives you the kind of control of your account that will keep your account safe.
To activate Account Protection and “end activity” on any Facebook sessions you didn’t initiate, go to “Account” > “Account Settings”> Find “Account Protection” and click on “change”.
Use One-Time Passwords on public computers
If you use Facebook on public computers, such as at school or the library, you should use Facebook’s One-Time password feature. On a public computer, you have no idea what kinds of programs are running that could be used to log your account information. By using a unique password each time, you remove the risk that your credentials will be stolen.
To do this you need to set up and verify your SMS number. Go here and add in your mobile number. You’ll then need to verify the number by entering a code that will be sent to you. Once this is done, you can send a text message to 32665 with the message “otp” whenever you’re about to login on a public computer. Your One-Time Password will work for 20 minutes after you receive it.
Follow us on Facebook for more tips on securing your account.
Are there any special methods you use to keep your account safe? Post them in the comments.
This is a guest post from an F-Secure fellow. Hi, my name is Matti Aksela…
May 22, 2017
Last week’s WannaCry outbreak caused havoc in many parts of the world before subsiding thanks…
May 18, 2017