Best practices to secure your Facebook account from hackers

From selfies, chat, news and polls to selling products online, Facebook covers almost every aspect of people’s online lives.

But having a Facebook account comes with responsibilities, and one of them is keeping it secure.

In this article, we have collected fifteen best practices you should apply to protect your Facebook account from hackers.

1. Apply password security best practices.


Let’s admit it: creating a password is annoying. We have to keep track of so many of them that most people reuse the same password across all their accounts. They also rarely change them, and when they do, it is hard to come up with a stronger one that they can still remember.

All of these habits are risky. A password reused across sites means that a breach at any one of those sites exposes your Facebook account too, because attackers try leaked e-mail and password pairs against every popular service. Therefore, apply best practices when creating a password: give Facebook a long, unique password, and consider a password manager so you do not have to remember it. Read this article for more hints: Secure an online account: Good password etiquettes to apply.

2. Never use public Wi-Fi or hotspots.

Risk of using public Wi-Fi (illustration)

Many people connect to public Wi-Fi or hotspots for convenience; however, this type of connection is often unsecured. An attacker can join the same network and use specialized tools to intercept or tamper with the traffic of the other connected users. Facebook serves its pages over HTTPS, which protects the contents of your session, but a hostile network can still redirect you to a fake captive portal or phishing page. Do not choose convenience over security: if you must use public Wi-Fi, use a VPN and make sure the browser shows a valid HTTPS connection before you log in.

3. Don’t show your current location in Facebook posts and chats.

Sample screenshot of Facebook’s “Check In” feature

Facebook’s “Check In” feature can be convenient in some ways. For example, when you want to meet up with a friend and want to know whether he has already arrived at the agreed meeting place, Check In fits that purpose.

However, exposing your current location also tells an attacker (or a stalker) where you are, and lets them follow or target you. Do not use “Check In” in a public post; if you use it at all, show it only to people you trust.

There is also another Facebook feature called “Nearby Friends”, available in the Messenger app. It lets your friends see your approximate location when you are nearby. Enable this feature only when you really need it.

4. Limit who can view your friends list

Privacy options for Facebook

A Facebook account whose friends list is publicly visible can compromise your privacy and security.

For instance, someone with bad intentions creates a dummy account impersonating one of your good friends, and because of that you accept the friend request. Not knowing their intent, you exchange personal information with them. They did it on purpose, to gather details (your e-mail address, phone number, birthday, the names of people you trust) that make phishing or account-recovery attacks against you easier.

Therefore, it is best that only you can see your friends list.

To limit who can view your friends list:
(For desktop computer):

  1. Go to your Facebook timeline.
  2. Click on the “Friends” menu.
  3. On the right edge, below the cover photo, click the Edit button (pencil icon) / Edit Privacy.
  4. Change the Friend List, Following, and Followers options from “Public” to “Only me.”

(For mobile device):

  1. On Facebook app, tap the Menu button
  2. Scroll down and tap Settings & Privacy then Settings
  3. Finally, go to the Privacy section, tap Privacy Settings, and select “Only me” for the following questions:
    Who can see the people, Pages and lists you follow?
    Who can see your friends lists?

5. Limit or remove third-party apps, games or websites connected to your Facebook account

List of removed apps, website and games in Facebook

Some third-party apps integrated with your Facebook account can compromise your security in one way or another, for example apps that contain hidden adware or malicious scripts, or a third-party app that suffers a security breach. An app you have authorized holds an access token for your account, so a breach on its side can expose whatever data you granted it.

So better safe than sorry: do not let those apps make your digital life miserable. Limit or avoid them completely, following the procedure below.

To remove an app or game you’ve added, follow the instructions below.
(For mobile device):

  1. Tap Menu.
  2. Scroll down and tap Settings & Privacy > Settings.
  3. Scroll down to Security > Apps and Websites.
  4. Tap Logged in with Facebook.
  5. Tap next to the apps or games you want to remove and tap REMOVE.

(For desktop computer):

  1. In the top-right corner, click the inverted triangle icon (next to Help).
  2. Choose Settings.
  3. Click Apps and Websites in the left menu.
  4. Click the box next to the apps or games you’d like to remove and click Remove.

To turn off Facebook’s third-party integration completely, do the following. Note that this also stops you from using “Log in with Facebook” on other sites and apps.
(For mobile device):

  1. Tap Menu.
  2. Scroll down and tap Settings & Privacy > Settings.
  3. Go to Security > Apps and Websites.
  4. Go to Apps, Websites and Games and tap Edit.
  5. Finally, tap Turn Off.

(For desktop computer):

  1. Click the inverted triangle in the top-right corner of Facebook (beside the Help menu), then click Settings.
  2. In the left menu, click Apps and Websites .
  3. Scroll down to the Apps, Websites and Games section and click Edit.
  4. Lastly, click Turn Off

6. Download the Facebook app from official sources only.

Facebook app installed from Google Play Store

Get the Facebook application from official sources only, such as the App Store (iOS), Play Store (Android) and Microsoft Store (Windows).

If you download it from an unknown source (an obscure download site), it may contain annoying adware or dangerous malware, and such sites do not enforce integrity or safety checks on the apps they host. Legitimate app stores review and scan every app submitted to them before it is listed; the checks are not perfect, but they are far better than none. For this reason, download from legitimate sources only.

7. Log in to Facebook using an updated browser.

Updated Google Chrome browser

Every year, hundreds of security vulnerabilities and bugs are discovered in the major browsers. To fix them, browser makers such as Google, Microsoft, Mozilla and Apple constantly release security updates and feature enhancements for their browsers.

Thus, using an up-to-date browser to access Facebook protects you from the most common known security and functionality issues. Enable automatic updates so you don’t have to remember to check.

8. Use an anti-virus with an anti-phishing feature

Screenshot of fake Facebook login showing a malformed URL

Nowadays, phishing (website spoofing) is one of the most common attacks that both individuals and companies face in keeping their accounts secure. A phishing page imitates the real login page to steal usernames and passwords, and is also used to spread malware.

Fortunately, recent browsers have built-in anti-phishing protection (such as Google Safe Browsing or Microsoft SmartScreen) enabled by default. If that isn’t good enough, use an anti-virus with an effective anti-phishing function.

Facebook has more than one billion active users, which makes it a prominent phishing target. To see what a phishing site looks like, see the example picture.

A real Facebook site starts with the URL (uniform resource locator) of Facebook’s own domain. For small devices, it starts with the mobile URL (the only difference is the letter m, which indicates mobile). Anything else is definitely a phishing site, beware! The part to check is the host name, the text between the “https://” and the first single slash: a lookalike that merely contains the word facebook inside a longer name, or swaps a letter for a similar-looking character, is not Facebook.
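The host-name check described above, as an added example in Python (it is not code from the original article or from Facebook). It assumes, for its allowlist, that every genuine Facebook page lives under the registered domain facebook.com, which covers the two addresses the article names (facebook.com and m.facebook.com) and is slightly broader than them. The sample URLs at the bottom are constructed for the example; the two-label “registered domain” helper is a simplification that ignores the public-suffix list, which is fine when the only domain being compared against is facebook.com.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Assumption for this example: all genuine Facebook hosts are under this domain.
GENUINE_DOMAIN = "facebook.com"
BRAND = "facebook"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels of the host (simplification: no public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:])


def check_facebook_url(url: str) -> Tuple[bool, str]:
    """Return (is_genuine, reason) for a URL the user is about to log in on."""
    parts = urlsplit(url.strip())
    # .hostname drops userinfo ("facebook.com@evil.example"), the port and
    # letter case, so we examine the host the browser will actually connect to.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    if parts.scheme.lower() != "https":
        return False, f"not HTTPS (scheme is {parts.scheme or 'missing'!r})"
    try:
        # Non-ASCII labels become punycode ("xn--..."): a Cyrillic 'а' in
        # place of a Latin 'a' is invisible to the eye but not to this step.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "host cannot be encoded as a domain name"
    if "xn--" in host:
        return False, f"internationalized host {host!r}: possible homograph of {BRAND}"
    domain = registered_domain(host)
    if domain == GENUINE_DOMAIN:
        return True, f"host {host!r} is under {GENUINE_DOMAIN}"
    if BRAND in host:
        # e.g. www.facebook.com.login-verify.example: the brand is only a
        # subdomain label; the site is really owned by whoever owns 'domain'.
        return False, f"'{BRAND}' appears in the name but the site belongs to {domain!r}"
    if edit_distance(domain.split(".")[0], BRAND) <= 2:
        return False, f"{domain!r} looks like a typosquat of {GENUINE_DOMAIN}"
    return False, f"{domain!r} is not a Facebook domain"


if __name__ == "__main__":
    # Constructed sample URLs for the demonstration (not real phishing sites).
    samples = [
        "https://www.facebook.com/login",
        "https://m.facebook.com/",
        "http://facebook.com/",
        "https://facebook.com@evil.example/login",
        "https://www.facebook.com.login-verify.example/",
        "https://faceb00k.com/",
        "https://f\u0430cebook.com/",  # Cyrillic 'а' (U+0430)
    ]
    for u in samples:
        ok, why = check_facebook_url(u)
        print(f"{'GENUINE ' if ok else 'SUSPECT '} {u}  ->  {why}")
```

A browser does this comparison for you when it decides which saved password to offer: a password manager that refuses to auto-fill on a lookalike host is one of the more reliable phishing signals a user has.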

9. Use only trusted computers or mobile devices to log in to Facebook

Using a computer or mobile device you don’t know or trust also poses a security risk. Some may have a hidden keylogger installed and running; a keylogger records almost everything you type, including the passwords you care about. Yet many people still log in to Facebook in internet cafés and on public computer terminals. Now that you know it’s dangerous, avoid it! If you have no choice, log out when you are done, then from a device you trust review your active sessions (see practice 11) and change your password.

10. Think before you click.

Do not open links sent to you on Facebook Messenger without knowing what they are. Others may tag you in a post that looks very much like a video. Often the people sharing these suspicious links or content have themselves already been infected or hacked, and they keep spreading malicious links without knowing it.

Therefore, make sure you have anti-virus software actively monitoring your web activity to protect you from malicious content, and if a friend sends you an unexpected link, confirm through another channel that they really sent it.

11. Check for suspicious login sessions and devices

Sample screenshot of Facebook current and previous login sessions on desktop

It is also important to review the devices that have access to your account and your active sessions.

To review login sessions, follow the instructions below.
(For mobile device)

  1. Tap Menu
  2. Go to Settings under Settings & Privacy
  3. Scroll down, under Security, tap Security and Login
  4. Below “Where you’re logged in,” tap “See More.” You’ll see a list of current and earlier login sessions, with the device, browser and approximate location of each.
  5. If you notice something suspicious, tap the vertical dots on the right and tap “Log Out” (or tap “Log Out of All Sessions”).
  6. Then follow the prompts Facebook shows you.

On a desktop browser it’s much the same as in the mobile app. Go to Settings and, on the left side, click Security and Login. There you can log out unrecognized sessions. Bookmark it in case you need it again. If you log out a session you don’t recognize, also change your password immediately, because whoever held that session may still know it, and check that no unknown e-mail address or phone number has been added to your account.

12. Activate login notifications

Activating login notifications for your Facebook account is another good practice. It will alert you every time your account is accessed from a device or browser Facebook doesn’t recognize. You can also get text message alerts on the mobile number registered to your account.

To get alerts about unknown logins, do the following.
(for mobile device)

  1. Tap Menu.
  2. Scroll down to the bottom of the menu and tap Settings & Privacy > Settings
  3. Tap Security and Login.
  4. Tap Get alerts about unrecognized logins.
  5. Select where you want to get alerts. You can also add another e-mail or your mobile number.
  6. Tap Save Changes.

(For desktop computer)

  1. Go to your Security and Login settings by clicking the inverted triangle (next to the Help icon), then click Settings in the drop-down menu.
  2. Click Security and Login in the left menu.
  3. Under “Setting Up Extra Security,” go to Get alerts about unrecognized logins and click Edit.
  4. Select where you want to get alerts. You can also add another e-mail or your mobile number.
  5. Click Save Changes.

13. Enable Two-Factor Authentication (2FA)

Facebook’s 2FA: different authentication methods (photo)

You’ve probably heard about Two-Factor Authentication (2FA) and Two-Step Verification. They have become two of the most widely used methods of securing an online account.

Facebook introduced two-factor authentication (originally called Login Approvals) in 2011 to combat account hijacking. It adds an extra layer of protection on top of your password. If you enable 2FA, you will be required to enter a security code or confirm the login attempt each time someone tries to access your account from a computer or mobile device Facebook doesn’t recognize. Even if your password leaks, an attacker without your second factor cannot log in.

To turn on two-factor authentication
(for mobile device):

  1. Tap Menu.
  2. Scroll to the bottom and tap Settings.
  3. Scroll down and tap Security and Login.
  4. Scroll down and tap Use two-factor authentication.
  5. Tap the box next to Two-factor authentication.

(For desktop computer):

  1. Go to your Security and Login Settings by clicking in the top-right corner of Facebook then clicking Settings > Security and Login.
  2. Scroll down to Use two-factor authentication then click Edit.
  3. Select an authentication method you want and follow the on-screen instructions.
  4. Click Enable once you’ve selected and turned on an authentication method.

There are several 2FA methods you can use with your Facebook account when logging in from an unknown PC, laptop or mobile device. Choose either:

  • Text message (SMS) codes sent to your mobile phone.
  • Login codes from a third-party authentication app (time-based one-time passwords, such as those generated by Google Authenticator or Duo Mobile).

An authentication app is preferable to SMS, since SMS codes can be intercepted by SIM-swapping or malware on the phone; Facebook also supports hardware security keys, which are the most phishing-resistant option. Whichever method you choose, save the recovery codes Facebook offers in a safe place, and remember that a phishing page can relay a one-time code in real time, so 2FA complements checking the URL (practice 8) rather than replacing it.

14. Add 3 to 5 friends as trusted contacts

Trusted contacts helps you recover your Facebook account

Choosing a few friends as trusted contacts can greatly help in the event that all other account recovery methods fail or are unavailable.

To choose your trusted contacts, follow the instructions below
(For mobile device):

  1. Tap Menu.
  2. Scroll down and tap Settings > Security and Login.
  3. Scroll down and tap Choose 3 to 5 friends to contact if you get locked out.
  4. Tap Choose Trusted Contacts and follow the on-screen instructions.

(For desktop computer):

  1. Go to your Security and Login settings.
  2. Scroll down to Choose 3 to 5 friends to contact if you get locked out and click Edit.
  3. Click Choose friends and follow the on-screen instructions.

After you’ve selected your trusted contacts, they will be able to send you a code with a unique URL that you can use to recover your Facebook account. Choose people you can reach outside Facebook and who will check that it is really you asking, since someone who can convincingly impersonate you to them could use the same recovery path.

15. Other important considerations to secure your Facebook account

Sun Tzu, Art of War quote
  • Do not accept a friend request from someone you don’t know.
  • When posting information, choose an appropriate audience. Avoid public posts that contain sensitive personal information: an attacker will scan through your public posts and use details such as your birthday, hometown or pet’s name to guess passwords or answer recovery questions. Limiting the audience to Friends or Only me is the safer option.
  • If you regularly buy or advertise through Facebook, review your payment history often.
  • Help Facebook fight spam and malicious content. If you see something inappropriate, report the post.
  • Lastly, review and update the other Facebook settings not mentioned here. Facebook provides easy-to-follow instructions in many languages.

Final thoughts

2018 was a very tough year for Facebook. Two major scandals shook the social media giant: the data misuse scandal involving Cambridge Analytica and, more recently, a massive data breach. The breach affected around 50 million accounts, and even worse, the full extent of the damage is still not clear.

Perhaps this is a sign for them to take their security division to a higher level. It also reminds us that account security is as important as maintaining our physical well-being.

If you have other ideas or suggestions in mind, don’t hesitate to share it in the comment section below.