7 Easy Steps to Secure Your Facebook Account

Even Z
4 min read · Jun 1, 2019

Whether we like it or not, we are storing a large amount of sensitive data on the Facebook platform, and our dependency on it grows each day. Losing control of our Facebook account to unauthorised parties would be extremely dangerous.

Fortunately, there are a few simple steps that anyone can take to keep their Facebook account secure. You don’t need to be a skilled programmer or a security professional to follow along!

Use a strong unique password

Weak and reused passwords are the most common ways a hacker gains access to your accounts. Using a password manager is recommended so you can generate a strong, unique password for each account and store it securely.

Here are some password managers available on the market:

Enable two-factor authentication

Google data shows 2-factor authentication blocks 100% of automated bot hacks

Also known as 2FA, this feature makes every login to your Facebook account require both your password and a temporary security code, which is either generated by a 2FA app of your choice or texted to your mobile phone number.

Settings > Security and login > Two-factor authentication

Although Facebook lets you choose between a 2FA app and your mobile phone number, I would encourage using an app rather than your mobile number, because using a mobile phone number exposes you to the risk of a SIM port attack.

Here are some 2FA apps available:

Enable alerts on login

Facebook offers the functionality to alert you on unrecognised logins. It is extremely useful to be notified if an unauthorised party has accessed your account so you can take appropriate measures immediately.

Settings > Security and login > Set up extra security

Add trusted contacts

If you have added trusted contacts to your Facebook account, those contacts can provide you with a code and URL to log back into your account if it has been compromised.

Settings > Security and login > Setting up extra security

Review where you’re logged in currently

Facebook displays a history of where you have been logged in, including the type of device and the location. Go through the list and make sure no suspicious activity is shown.

Settings > Security and login > Where you’re logged in

Review authorised logins

Under two-factor authentication, Facebook keeps a list of devices that have been authorised to log in without a login code. Make sure the list only contains devices that you’re aware of. If you’re unsure, remove all devices.

Settings > Security and login > Two-factor authentication

Use an undisclosed email address

Many automated attacks will use email addresses leaked from other services. You should avoid using the same email address for both Facebook and other services. If you’re using a Gmail account, you can add a ‘+’ suffix to your email address instead (e.g. myemail+myfb@gmail.com). Doing so will prevent attackers from knowing what email address you used for your Facebook account.

You should also hide your email address (or preferably all your contact information) from your profile.

Your profile > About > Contact and basic info > Contact information
Settings > Privacy > How people find and contact you

Thanks for reading and stay safe online!

Even
I write about software, infosec and devops