12 Steps To Secure Your Facebook Account
Facebook got rid of the “trusted contacts” feature. You might’ve seen the notice in the Facebook app last year.
If you had the trusted contacts feature set up, your chosen friends will now no longer be able to help you get back on Facebook if you lose access to your account. Ugh.
Most likely, this is yet another of the myriad features Facebook chooses to nix without explanation because not that many people were using it, which could mean tens of millions, but not hundreds of millions or a billion or more.
The way Facebook worded the notification, it was definitely confusing and not clear… typical FB.
“Trusted contacts ends soon.” could be interpreted as meaning it’s time to review, change, edit or update your trusted contacts… Certainly that was my very first thought. Hmph.
I would reword the notification to, “Facebook is removing the trusted contacts feature altogether (on xyz date). But, rest assured, here are 12 ways to protect your account and stay safe.” There, much better!
SO, whether you had trusted contacts set up in the past or not, here is a solid checklist of all the actions you should absolutely have in place to ensure your Facebook account is super solid, safe and secure.
Follow These 12 Action Steps to Secure Your Facebook Account
On desktop or mobile, navigate to your Facebook Settings and follow these steps.
Step #1: Set up 2-factor or multi-factor authentication
2FA (two-factor authentication) or MFA (multifactor authentication) is an absolute MUST. In fact, get this: if you’re running ads, your ads will quite possibly perform better so long as EVERY admin of your Page has 2FA set up.
This is the most critical step. And, not only that, you might even see ever-so-slightly better organic reach so long as every admin of your Page has 2FA set up!! Yes, it’s that vital! So, get ‘er done, my friends!
You access 2FA under your Security and Login settings.
Most people utilize SMS to receive a code via text message. BUT, that is actually not the most secure way to set up 2FA as phone numbers can be spoofed. Ugh, I know, right?!
So, for optimal security, it’s much more effective to use an Authenticator app. I cannot stress this strongly enough! Google Authenticator (iOS or Android) and Duo Mobile are among the top authenticator apps.
If you’re not a techie and find it confusing to have a separate mobile app that generates codes for you to use to log in to your vital sites, please get some help from a trusted person who understands this process. It’s really not that difficult, though!
Step #2: Only use long and cryptic passwords
Ensure your password is long and cryptic. If you can remember your password (for anything!), it’s not cryptic enough.
So long as you are using a strong password – along with 2FA – you shouldn’t need to change your password that often. But, some security experts suggest changing your password every few months.
Step #3: Set up a USB Security Key for maximum security
For maximum security, ALSO set up a USB Security Key.
For more information, suggested devices and instructions, here’s a helpful post on Tom’s Guide: “What is a USB security key, and how do you use it?”
Step #4: Always use a trusted password manager tool
Do not ever rely on your memory or a non-secure way of logging passwords. Always use a reputable password manager tool, e.g. LastPass, 1Password, etc.
Step #5: Do not share your login credentials
Never ever share your login credentials with anyone, for any reason.
To share access to your business page, use Business Manager or Business Suite and add Admins with appropriate roles, ensuring they also have 2FA set up.
Step #6: Enable login alerts
Set up extra security by enabling “Get alerts about unrecognized logins.” Select notifications on Facebook and by email.
NOTE: Facebook used to have the option to get login alerts via Messenger and/or SMS, but those two options are going away. Instead, only in-app notifications + email are options, which is still just fine!
Step #7: Check Logged In Sessions
Periodically check your Logged In Sessions and remove any that you no longer need. This is especially vital if you ever used a public or shared computer to access your Facebook account.
Step #8: Review connected Apps and Websites
Under Settings, periodically check which Apps and Websites are connected to your Facebook account and still have active access. Remove any you no longer need or use.
Step #9: Review your Business Integrations
Regularly review your Business Integrations – these are apps and services that you’ve used Facebook to log into. Again, remove any you no longer need or use.
Step #10: Large following? Consider hiding
You might want to hide your Friends and Followers on your personal profile if you have a large number of them. The setting is under the 3 dots on your Friends or Followers tab. This is particularly important for profiles that get impersonated as it looks very enticing to a scammer to be able to act as you and try to scam your entire network.
The bad actors create a new account with a name that looks very close to yours; they’ll use your profile picture, send friend requests to all your publicly visible friends and then spam them with scam links. This icky scam was very prevalent on Instagram for the longest time, causing some account owners to switch to a private account.
If your account ever does get impersonated on Facebook and/or Instagram (not hacked, but impersonated with a new/similar account name), all you can do really is report the offending account. And ask your friends and followers to report it for impersonating you.
Step #11: Be ultra careful with suspicious links
Always be very careful to check any links sent to you via DM and/or email that seem to come from Meta / Facebook (or even from trusted friends, as it’s possible they got hacked).
Phishing is rampant these days and the scammers are getting cleverer by the day; it’s all too easy to fall prey to something that looks too good to be true. If in doubt, do not click!
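One way to do the link check described in this step, as an added example that is not part of the original post: look at the hostname the browser would actually connect to, not the text that merely looks like Facebook. The list of trusted domains and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as Meta-owned for this example; adjust as needed.
TRUSTED_DOMAINS = ("facebook.com", "fb.com", "meta.com",
                   "messenger.com", "instagram.com")


def check_link(url):
    """Return (verdict, reason) for a link that claims to come from Facebook/Meta."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")   # hostname is lowercased
    except ValueError:
        return ("suspicious", "link cannot be parsed")
    if parts.scheme != "https":
        return ("suspicious", "not an https link")
    if not host:
        return ("suspicious", "no hostname in link")
    if "@" in parts.netloc:
        # Everything before '@' is a username, not the site being visited.
        return ("suspicious", "text before '@' hides the real host " + host)
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("suspicious", "look-alike (internationalised) characters in host")
    for domain in TRUSTED_DOMAINS:
        # Match the domain itself or a true subdomain, never a mere substring.
        if host == domain or host.endswith("." + domain):
            return ("ok", "host belongs to " + domain)
    return ("suspicious", "real host is " + host)


# Constructed sample links (reserved .example names), not real phishing URLs.
SAMPLE_LINKS = [
    "https://www.facebook.com/settings?tab=security",
    "https://facebook.com.account-review.example/login",
    "https://facebook.com@account-review.example/login",
    "http://www.facebook.com/login",
    "https://xn--fcebook-8va.example/help",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = check_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```

An "ok" verdict only means the link points at a listed domain; when in doubt, open the Facebook app or type the address yourself instead of following the link.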
Step #12: Review browser extensions
Make sure to keep your web browser up to date and remove any suspicious applications or browser add-ons or extensions.
Bonus Step: Download your information
This setting allows you to download everything you’ve ever posted on Facebook, and it’s a solid best practice for both your personal profile and business Page, as at least you would own a backup off of Facebook. (Just like you back up your website or blog.)
I would recommend downloading your information a minimum of once a year, but maybe 2-4 times a year depending on how much you post! (See Step #9.9 on this post).
Hopefully you’ll be more confident about how secure your Facebook account is after taking these 12 steps!