The Nerdic

15 best practices to secure Facebook account from hackers

Facebook is one of the most successful tech companies in the world, and its features have attracted an enormous user base.

From selfies, chat, news and polls to selling products online, Facebook covers almost every aspect of people’s online lives.

But having a Facebook account carries responsibilities, and one of them is keeping it secure.

In this article we list 15 best practices you should follow to protect your Facebook account from hackers.

1. Apply password security best practices.


Let’s admit it: creating a password is annoying. We have to keep so many that most people reuse the same password across all their accounts, rarely change it, and when they do, struggle to come up with a stronger one they can still remember.

All of these habits are bad, so apply best practices when creating passwords: a unique password for every account (a password manager makes this practical) and a long one for Facebook in particular, because it is the key to everything connected to it. Read this article for some hints: Secure an online account: Good password etiquettes to apply.

2. Never use public Wi-Fi or hotspots.

Risk of using public Wi-Fi (illustration)

Many people connect to public Wi-Fi or hotspots for convenience, but these networks are often unsecured and anyone, including an attacker, can join them. Because Facebook is served over HTTPS, someone on the same network cannot simply read your session, but a hostile hotspot can still present a fake captive portal or login page, redirect you to a lookalike site, or go after other apps on your device that don’t encrypt their traffic. Do not choose convenience over security; if you must use public Wi-Fi, use a VPN and check that you really are on Facebook’s site before logging in.

3. Don’t show your current location in a Facebook post and chat.

Sample screenshot of Facebook’s “Check In” feature

Facebook’s “Check In” feature can be convenient. For example, you want to meet a friend and want to know whether he has already arrived at the agreed meeting place; Check In fits that purpose.

Unfortunately, exposing your current location also tells an attacker, or a stalker, where to find you. Don’t enable “Check In” on posts, or if you do, show it only to people you trust.

There is also a feature called “Nearby Friends”, available in the Messenger app, which lets your friends see your approximate location when you are nearby. Enable it only when you really need it.

4. Limit who can view your list of friends

Privacy options for Facebook

A publicly viewable friends list compromises both your privacy and your security.

For instance, someone with bad intentions creates a dummy account, poses as a friend of someone on your list, and you accept the request because the name looks familiar. Not knowing his intent, you exchange personal details with him, which is exactly what he wanted: material for guessing your password or impersonating you to your other friends.

Therefore, you should be the only one who can see your friends list.

To limit who can view your list of friends:
(For desktop computer):

  1. Go to your Facebook timeline
  2. Click on the “Friends” menu
  3. On the right edge, below cover photo, click Edit button (pencil icon) / edit Privacy
  4. Change Friend List, Following, and Followers options from “public” to “only me.”

(For mobile device):

  1. On the Facebook app, tap the Menu button
  2. Scroll down and tap Settings & Privacy then Settings
  3. Finally, go to the Privacy section, tap Privacy Settings and select “Only me” for the following questions:
    Who can see the people, Pages and lists you follow?
    Who can see your friends lists?

5. Limit or remove third-party apps, games or websites that are connected to your Facebook account

List of removed apps, websites and games in Facebook

Third-party apps connected to your Facebook account hold an access token with whatever permissions you granted them, so they can compromise your security in one way or another: an app may contain hidden adware or malicious scripts, or it may suffer a security breach that exposes the data and tokens it holds.

Better safe than sorry: do not let such apps make your digital life miserable. Limit them or avoid them completely, using the procedures below.

To remove an app or game you’ve added, follow the instructions below.
(For mobile device):

  1. Tap Menu.
  2. Scroll down and tap Settings & Privacy > Settings.
  3. Scroll down to Security > Apps and Websites.
  4. Tap Logged in with Facebook.
  5. Tap next to the apps or games you want to remove and tap REMOVE.

(For desktop computer):

  1. On the top-right corner, click the inverted triangle icon (next to help).
  2. Choose Settings.
  3. Click Apps and Websites in the left menu.
  4. Click the box next to the apps or games you’d like to remove and click Remove.

To turn off Facebook’s third-party integration completely, do the following
(For mobile device):

  1. Tap Menu.
  2. Scroll down and tap Settings & Privacy > Settings.
  3. Go to Security > Apps and Websites.
  4. Go to Apps, Websites and Games and tap Edit.
  5. Finally, tap Turn Off.

(For desktop computer):

  1. Click the top-right corner of Facebook (beside the Help menu), then click Settings.
  2. In the left menu, click Apps and Websites.
  3. Scroll down to the Apps, Websites and Games section and click Edit.
  4. Lastly, click Turn Off

6. Download the Facebook app from official sources only.

Facebook app installed from Google Play Store

Get the Facebook application from official sources only, such as App Store (iOS), Play Store (Android) and Microsoft Store (Windows).

If you download from an unknown source (an obscure download site), the package may contain annoying adware or dangerous malware, and such sites do not enforce integrity or safety checks on what they host. Official stores verify that each app and update is signed by the developer’s key and scan submissions for known malware before listing them. For this reason, download from official sources only, and keep the app updated from the same store.

7. Login to Facebook using an updated browser.

Updated Google Chrome browser

Every year, hundreds of security vulnerabilities and bugs are discovered in the major browsers. To fix them, browser makers such as Google, Microsoft, Mozilla and Apple constantly release security updates alongside feature enhancements.

Thus, using an up-to-date browser to access Facebook keeps you safe from the most common known security and functionality issues. Turn on automatic updates so you don’t have to remember.

8. Use an anti-virus with anti-phishing feature

Screenshot of a fake Facebook login page showing a malformed URL

Nowadays, phishing, or website spoofing, is one of the most common attacks that both individuals and companies face. A phishing page imitates a real login page to steal credentials, and the same pages are often used to spread malware.

The good news is that current browsers ship with anti-phishing protection (such as Google Safe Browsing or Microsoft SmartScreen) enabled by default. If that isn’t good enough, use an anti-virus product with an effective anti-phishing function.

Facebook has more than a billion active users, which makes it a prime phishing target. To see what a phishing site looks like, see the example picture.

The real site is served over HTTPS from Facebook’s own domain; the mobile site differs only in the letter m at the start of the hostname (m indicates mobile). Anything else is a phishing site, beware! Check the hostname itself, not just the beginning of the address: a phishing URL can begin with the genuine name and still end on the attacker’s domain, and the padlock only proves the connection is encrypted, not that the site is Facebook.
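As an added example that is not part of the original article, here is a small Python check of the rule above: a URL is accepted only if it uses HTTPS and its hostname is Facebook’s domain or a subdomain of it, rather than merely beginning with the right text. The domain name facebook.com and the sample URLs are my assumptions, constructed for the demonstration; the lookalike URLs are invented and not taken from any real campaign.

```python
from urllib.parse import urlsplit

# Assumption for this example: the genuine site lives under this registrable
# domain (the desktop site on the www subdomain, the mobile site on m).
LEGIT_DOMAIN = "facebook.com"


def is_genuine_login_url(url: str, legit_domain: str = LEGIT_DOMAIN) -> bool:
    """True only if the URL is HTTPS and its host is the legitimate domain or a
    subdomain of it. Deliberately NOT a 'starts with' check on the URL string."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:            # e.g. malformed IPv6 bracket syntax
        return False
    if parts.scheme.lower() != "https":
        return False
    host = parts.hostname         # lower-cased; drops the port and any user@ prefix
    if not host:
        return False
    host = host.rstrip(".")       # "facebook.com." is the same name as "facebook.com"
    return host == legit_domain or host.endswith("." + legit_domain)


def why_suspicious(url: str, legit_domain: str = LEGIT_DOMAIN) -> str:
    """Name the trick a rejected URL relies on, so the reader sees what the
    boolean check above is actually rejecting."""
    if is_genuine_login_url(url, legit_domain):
        return "genuine"
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    brand = legit_domain.split(".")[0]
    if parts.scheme.lower() != "https":
        return "no TLS (http://)"
    if "@" in parts.netloc:
        return "userinfo trick: text before @ is ignored, real host is " + host
    if host.startswith(legit_domain) or host.startswith("www." + legit_domain):
        return "real name used as a prefix of a longer host: " + host
    if any(ord(c) > 127 for c in host):
        return "non-ASCII lookalike characters in host"
    if brand in host:
        return "brand name embedded in an unrelated domain: " + host
    return "unrelated host: " + host


# Constructed sample URLs (not taken from any real phishing campaign).
SAMPLES = {
    "https://www.facebook.com/login/": True,
    "https://m.facebook.com/": True,
    "http://www.facebook.com/": False,                               # no TLS
    "https://www.facebook.com.secure-verify.example/login": False,   # prefix trick
    "https://www.facebook.com@login-check.example/": False,          # userinfo trick
    "https://facebook-security-team.example/": False,                # brand in unrelated domain
    "https://www.f\u0430cebook.com/": False,                         # Cyrillic 'а' for Latin 'a'
}


def run_samples() -> dict:
    """Evaluate every sample URL; returns {url: verdict}."""
    return {u: is_genuine_login_url(u) for u in SAMPLES}


if __name__ == "__main__":
    for u, ok in run_samples().items():
        print(("OK   " if ok else "BAD  ") + u + "  -> " + why_suspicious(u))
```

The point of the design is that the decision is made on the parsed hostname, after the URL parser has removed the parts a human eye trips over (the `user@` prefix, ports, trailing dots, upper case). A production check would additionally resolve shortened links and redirects before looking at the final hostname.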

9. Use only trusted computers or mobile devices to log in Facebook

Using a computer or mobile device you don’t know or trust also poses a security risk: it may have a hidden keylogger installed and running. A keylogger records almost everything you type, including the passwords you care about. Yet many people still log in to Facebook in computer shops and on public terminals. Now that you know it’s dangerous, avoid it; if you have no choice, log out afterwards and review your active sessions (see item 11).

10. Think before you click.

Do not open links sent to you on Facebook Messenger without knowing what they are. Others may tag you in a post that looks very much like a video. Often the person sharing the suspicious link or content has already been infected or had their account hacked, and keeps spreading malicious links without knowing it.

Therefore, be sure to have anti-virus software actively monitoring your web activity to protect you from malicious content.

11. Check for suspicious login sessions and devices

Sample screenshot of Facebook current and previous login sessions on desktop

It is also important to review the devices that have accessed your account and your active sessions. A session you don’t recognize (unknown device, browser or location) is the clearest sign that someone else has your password; log it out and change the password immediately.

To review login sessions, follow the instructions below.
(For mobile device)

  1. Tap Menu
  2. Go to Settings under Settings & Privacy
  3. Scroll down, under Security, tap Security and Login
  4. Below “Where you’re logged in,” tap “See More,” you’ll see a list of current and earlier login sessions. 
  5. If you notice something suspicious, tap the vertical dots on the right side and tap “Log Out” (or tap “Log Out of All sessions” ).
  6. Follow the prompts Facebook shows; it will offer to change your password if the session wasn’t yours.

On a desktop browser, it’s pretty much the same to a Facebook mobile app. Go to Settings, on the left side, hit Security and Login. There, you can log out unrecognized login sessions. Bookmark it just in case you’ll need it again.

12. Activate Login Notifications


Activating login notifications for your Facebook account is another good practice. Facebook will alert you every time your account is opened from a device it doesn’t recognize. You can receive the alerts in the app, by e-mail, and by text message to a mobile number registered on your account.

To get alerts about unknown logins, do the following.
(for mobile device)

  1. Tap Menu.
  2. Scroll down to the bottom of the menu and tap Settings & Privacy > Settings
  3. Tap Security and Login.
  4. Tap Get alerts about unrecognized logins.
  5. Select where you want to get alerts. You can also add another e-mail or your mobile number.
  6. Click Save Changes.

(For desktop computer)

  1. Go to Security and Login Settings by clicking the inverted triangle (next to help icon) then click Settings from the drop-down menu.
  2. Click Security and Login on the left menu.
  3. Go to Get alerts about unrecognized logins under “Setting Up Extra Security” then click Edit.
  4. Select where you want to get alerts. You can also add another e-mail or your mobile number.
  5. Click Save Changes.

13. Enable Two-Factor Authentication (2FA)

Facebook’s 2FA: the different authentication methods

You’ve probably heard of Two-Factor Authentication (2FA) and Two-Step Verification; they are among the most widely used methods of securing an online account.

Facebook introduced two-factor authentication (then called Login Approvals) in 2011 to combat account hijacking. It adds a second layer of protection on top of your password: with 2FA enabled, you must enter a security code or confirm the login attempt each time someone tries to access your account from a computer or mobile device Facebook doesn’t recognize, so a stolen password alone is not enough.

To turn on two-factor authentication
(for mobile device):

  1. Tap Menu.
  2. Scroll to the bottom and tap Settings.
  3. Scroll down and tap Security and Login.
  4. Scroll down and tap Use two-factor authentication.
  5. Tap the box next to Two-factor authentication.

(For desktop computer):

  1. Go to your Security and Login Settings by clicking on the top-right corner of Facebook then clicking Settings > Security and Login.
  2. Scroll down to Use two-factor authentication then click Edit.
  3. Select an authentication method you want and follow the on-screen instructions.
  4. Click Enable once you’ve selected and turned on an authentication method.

There are several 2FA methods you can use with your Facebook account when logging in from an unrecognized PC, laptop, or mobile device. Choose either:

  • Text message (SMS) codes sent to your mobile phone.
  • Login codes from a third-party authentication app.

Prefer the authentication app where you can: SMS codes can be diverted by an attacker who takes over your phone number (a SIM swap), whereas an app’s codes are derived from a secret that never leaves your device. Whichever method you choose, never type a code into a page you reached from a link in a message; a code is only as safe as the page you enter it on.

14. Add 3 to 5 friends as trusted contacts or authenticators

Trusted contacts help you recover your Facebook account

Naming friends as trusted contacts can be a great help when every other account recovery method fails or is unavailable.

To choose your trusted contacts, follow the instructions below
(for mobile device):

  1. Tap Menu.
  2. Scroll down and tap Settings > Security and Login.
  3. Scroll down and tap Choose 3 to 5 friends to contact if you get locked out.
  4. Tap Choose Trusted Contacts and follow the on-screen instructions.

(For desktop computer):

  1. Go to your Security and Login settings.
  2. Scroll down to Choose 3 to 5 friends to contact if you get locked out and click Edit.
  3. Click Choose friends and follow the on-screen instructions.

After you’ve selected your trusted contacts, they will be able to send you a code with a unique URL that you can use to recover your Facebook account. Pick people you can reach outside Facebook and who would check that it is really you asking, because an attacker who talks them into handing over the code can use the same recovery path.

15. Other important considerations to secure your Facebook account

  • Do not accept a friend request from someone you don’t know personally.
  • When posting, choose an appropriate audience. Avoid public posts that contain sensitive personal information: an attacker will scan your public posts and use those details (birthday, hometown, family names, workplace) to impersonate you or work his way into your account, so a private audience is the safer choice.
  • If you regularly buy or advertise through Facebook, review your payment history often.
  • Help Facebook fight spam and malicious content: if you see something inappropriate, report the post.
  • Lastly, review and update other Facebook settings not mentioned here. Don’t worry, Facebook provides easy-to-follow instructions in many languages.

Final thoughts

2018 has been a very tough year for Facebook. Two major scandals have shaken the social media giant: the data misuse scandal involving Cambridge Analytica and, just recently, a massive data breach affecting around 50 million accounts. Worse, the full extent of the damage is still not clear.

This might be a sign for Facebook to take its security efforts to a higher level. It is also a reminder to us that account security deserves the same attention as our physical well-being.


If you have other ideas or suggestions in mind, don’t hesitate to share it in the comment section below.
