Three tips to keep your Facebook account secure in 2022
At best, becoming the victim of a Facebook account hack is a major nuisance. At worst, it’s:
a compromise of your personal information
a permanent loss of a personal asset (your Facebook account and any precious photos you uploaded, but no longer have saved on a personal device)
a risk to your Facebook friends, and more.
Everyone could stand to increase security for their Facebook accounts, but for business owners, there’s an additional threat: loss or damage to a company asset—your business page.
Recent patterns in phishing/hacking attempts
In the past few months, I’ve heard stories from friends about their accounts becoming compromised. I’ll share two:
In the first instance, a hacker posed as one of my friend’s customers, claiming they were locked out of their own Instagram account and needed my friend to share a six-digit verification code to help them get back into their account. My friend recognized the username and shared the code that was sent to their phone. However, this code had nothing to do with the customer’s Instagram account; it was actually for my friend’s own account. The hacker was able to log into my friend’s Instagram account with the six-digit code.
In a second instance, a weak Facebook password resulted in the complete and unrecoverable loss of a Facebook account. The hacker had correctly guessed the password, changed the password, and changed the email address associated with my friend’s account. There was no way for my friend to recover the account. Even after going through every single option Facebook provides for account recovery, there was no longer an account to recover, because their original email was no longer associated with a Facebook account. Their account eventually disappeared altogether.
Recently, I even received a notification of a fraudulently attempted log-in on my own account, despite having very strict security measures in place for my personal accounts. Facebook sent me a notification of the attempted login which disclosed the time, device type, device operating system, and approximate physical location of the attempt. The device type matched a device I owned, and the approximate physical location was close enough to my place of work. But upon further inspection, I realized that the operating system of the device in question was multiple versions older than the operating system of my own device. I was able to maintain my Facebook security only because I was vigilant enough to recognize that one of three clues was wrong.
The tips I'm about to share can help ensure your risk of a Facebook hack is as low as possible. They're ESPECIALLY relevant if you own, manage, or contribute to a Facebook/Meta business page, since a compromise to your personal account could mean a compromise to your business page, too.
From a desktop browser, follow these steps:
1. Make your email address private:
If your email address is visible on the “about” tab of your personal Facebook profile (either globally or even just to your friends), a hacker can extract your email and attempt to log into your Facebook account simply by guessing your password. To avoid this risk, consider updating the privacy setting of your email address on Facebook to “only me.”
Go to your profile > click "edit profile" > scroll to "edit your 'about' info" > navigate to "contact and basic info" > click the pencil icon next to your email address > under "select audience" click "only me" > exit the pop-up by clicking the "X" at the top > click the "save" button.
Congratulations, you’re now the only one who can view your email address on Facebook.
2. Set up two-factor authentication:
Two-factor authentication, also called multi-factor authentication, is an electronic authentication method used to enhance the security of your online accounts. It prevents a person from logging into an account without presenting two or more pieces of evidence to an authentication mechanism. Typically, the password you use to log into your account is the first piece of evidence, and the second is a 6-digit security code (sent to your cell phone, your email, or the app in question on a different device) that is only valid for one use within a few minutes of its generation.
I can’t stress this enough: every single log-in you have should be set up with two-factor authentication in order to maintain security. That means bank accounts, email accounts, social media accounts, your account for your employer’s payroll provider, etc. The nuisance of typing in a six-digit code every time you log in is always less than the nuisance of losing your digital assets and the resources associated with them.
To enable two-factor authentication in Facebook/Meta, follow these instructions:
At the menu bar at the top of your screen, there is a "v" arrow at the far right; click it > select "settings and privacy" from the menu > select "settings" from the next menu > on the next screen, under "settings" select "security and log in" > under "two-factor authentication" select "use two-factor authentication" > follow the prompts to finish setting up two-factor authentication using your preferred method (phone call, text message, authenticator app, etc.)
3. Update your password:
If your password is still some variation of your dog's name (or even any word in any language), use a password generator (LastPass provides a free one) to create a more secure password. We're talking uppercase, lowercase, numbers, and symbols. The longer and more complex your password is, the harder it is for a hacker or bot to guess it. Hive Systems, a cybersecurity company, shows just how easy it is for a hacker to crack your password (it’s scary). Save this complex password somewhere secure.
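What a password generator does, and why its output is harder to guess than a word with a few tweaks, as an added example that is not part of the original post and is not LastPass's code. The word-list size and number of variants per word in the comparison are constructed figures, chosen only to show the scale of the difference.

```python
import math
import secrets
import string

# The four character classes the article lists.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable characters


def generate_password(length: int = 20) -> str:
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least 4")
    while True:
        # secrets uses the operating system's cryptographic random source.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_password_bits(length: int) -> float:
    """Approximate guessing entropy of a fully random password, in bits."""
    return length * math.log2(len(ALPHABET))


def word_variant_bits(wordlist_size: int, variants_per_word: int) -> float:
    """Entropy when the attacker knows the password is a word plus a tweak."""
    return math.log2(wordlist_size * variants_per_word)


def average_guesses(bits: float) -> float:
    """On average an attacker finds the password after half the search space."""
    return 2 ** (bits - 1)


if __name__ == "__main__":
    print(generate_password())
    strong = random_password_bits(20)
    # Constructed figures: 100,000 words, 1,000 capitalisation/digit variants each.
    weak = word_variant_bits(100_000, 1_000)
    print(f"random 20 chars: {strong:.0f} bits, ~{average_guesses(strong):.1e} guesses")
    print(f"word + variation: {weak:.0f} bits, ~{average_guesses(weak):.1e} guesses")
```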
Closing thoughts
With a complex password, two-factor authentication security, and privacy around your email address, you can rest easy knowing your Facebook account is less likely to be compromised. But remember, cyber security isn’t just a one-and-done step; hackers and phishers get more advanced each year, so it’s important to stay informed about changes in risk and update your security measures accordingly.