How to keep your account from getting hacked
What for: So you don't get hacked.
If you use a short and simple password for your Facebook account, cybercriminals can guess it and hijack your account. A long and complex password is more secure. Use a strong password that:
- Is at least 8 and up to 20 characters long;
- Contains lowercase and uppercase letters, numbers, and special characters ($, @, etc.);
- Is not an actual word or easy-to-guess phrase;
- Is not the same as your passwords for any other accounts;
- Does not consist of information that strangers could easily find out (your name, date of birth, pet's name, and so forth — or those of your friends or relatives).
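The checklist above can be applied mechanically. The following is an added example, not part of the original guide or of Facebook's own validation: the word list is a tiny constructed sample, and the function name, the `personal` and `other_passwords` parameters and the look-alike substitution table are assumptions made for illustration.

```python
import re

# Constructed sample; a real check would use a large dictionary of leaked passwords.
COMMON_WORDS = {"password", "facebook", "qwerty", "letmein", "welcome", "dragon"}
# Undo common look-alike substitutions (0 -> o, @ -> a, ...) before comparing.
LEET = str.maketrans("0134578@$", "oleastbas")

CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def check_password(pw, personal=(), other_passwords=()):
    """Return the list of checklist rules that the candidate password breaks."""
    problems = []
    if not 8 <= len(pw) <= 20:
        problems.append("length must be 8-20 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")

    low = pw.lower()
    folded = low.translate(LEET)
    # Strip decoration such as a trailing "1!" and compare the core to the word list.
    core = re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", low).translate(LEET)
    if core in COMMON_WORDS:
        problems.append(f"based on a common word: {core}")

    if pw in other_passwords:
        problems.append("reused from another account")

    # Names, dates and pet names, also when disguised with look-alike characters.
    for item in personal:
        for token in re.split(r"[^a-z0-9]+", item.lower()):
            if len(token) >= 3 and (token in low or token in folded):
                problems.append(f"contains personal detail: {token}")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "R3x!Summer99", "vT7#qLm2!xRz"):
        print(candidate, check_password(candidate, personal=["Rex", "2015-06-01"]))
```

The reuse rule can only be checked against passwords you supply, so in practice it belongs in a password manager rather than in a site's sign-up form.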
To change your password:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Security and login in the menu on the left;
- Select Change password under Login;
- Enter your current Facebook password;
- Enter a new strong password twice;
- Click Save changes.
What for: So you definitely don't get hacked.
Facebook can be configured to request a one-time code or physical security key when you log in to your account. That way, even if cybercriminals learn your username and password, they will not be able to use them without the one-time code or security key. The code is sent via SMS to your specified phone number or generated in a dedicated application (for example, Google Authenticator), while the security key is a small hardware device used to authorize your login.
To enable two-factor authentication:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Security and login in the menu on the left;
- Select Use two-factor authentication;
- If you see a warning about being redirected to another page, confirm this action;
- Enter the current password for your Facebook account;
- Select an additional verification method:
  - By Text Message (SMS) to the phone number linked to your Facebook account or another number (for example, a SIM card on another device):
    - Select Text message (SMS). If a phone number is not linked to your Facebook account, you will have to enter it and click Continue;
    - In the window that opens, enter the code that Facebook sends to the phone number linked to the account;
  - With a code generated by another app, such as Google Authenticator:
    - To activate two-factor authentication using an app, select Authentication app;
    - Scan the QR code that appears using your authentication app and click Continue;
    - Enter the confirmation code from the authentication app;
  - With a security key:
    - To use this, click the corresponding button;
    - Then insert your security key into your device and click Register security key;
    - Confirm your choice.
Remember that a text message with the code can be intercepted by malware, which is why using a two-factor authentication app or security key is a safer option. Facebook can also use the phone number you linked to your profile for targeted advertising.
With two-factor authentication, you can log in to your account even if you lose your phone. For that, you need the recovery codes. To get them:
- On the same page, click Setup next to Recovery codes;
- Click Get codes.
Each of the ten codes can be used only once. Write them down, copy them, or take a screenshot of them, and keep the information in a safe place.
What for: So nobody can log in to your account on your old phone.
By default, Facebook trusts any devices from which you previously logged in to the social network. When signing in on them, a one-time code is not requested. If your old phone ends up in the hands of strangers, they will be able to log in to your account bypassing two-factor authentication. To avoid this, include only devices that you currently use in the trusted list:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Security and login in the menu on the left;
- Select Authorized logins;
- Select any devices that you don't use, and click Remove.
If necessary, you can still log in to Facebook from any device using two-factor authentication.
What for: To change your password promptly if you get hacked.
Facebook can notify you every time your username and password are entered in a new browser or on a new device. If a stranger logs in to your account, you will be notified so that you can change your password right away. To this end, the social network will send you an e-mail or notification to a trusted device.
To enable suspicious activity alerts:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Security and login in the menu on the left;
- Click Get alerts about unrecognized logins;
- Tick Get notifications and Get email alerts at and click Save changes. (If necessary, enter your password to confirm your choice.)
We recommend activating both alert channels so that you can receive warnings even if one of the channels is unavailable, for example if you lose your phone or your e-mail is hacked.
How to keep corporations out of your business
What for: To prevent potential data leaks.
Many apps and websites allow users to sign in with their Facebook account. That gives the owners of such third-party services access to your publicly available information and profile-linked e-mail address. Developers that have passed a review can request permission to create posts on your behalf or send you advertising messages.
In general, logging in through Facebook can be convenient: It eliminates the need to create and memorize logins and passwords for each service. However, after logging in to a website through Facebook, we may forget we did so. As a result, the account becomes linked over time to a long list of third-party resources.
Remember that services connected to your account can become a source of data leaks or post advertising messages on your behalf. Although Facebook clears the access list automatically, we recommend manually removing any unwanted services from this list from time to time.
To see which sites and apps have access to your profile and to revoke permissions:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Apps and Websites in the menu on the left;
- Click Remove next to the websites and applications that you don't trust;
- In the window that opens, check the box next to Delete posts, videos or events posted on your timeline and click Remove.
If you prefer not to log in through Facebook at all, disable this feature entirely:
- On the same page, click Turn off in the section Apps, websites and games;
- Confirm your choice.
Downside: You will no longer be able to use your Facebook account to log in to third-party apps, games, and websites.
What for: To keep Facebook from personalizing ads based on your actions on other websites and in other applications.
The social network's partners share information about your actions on their websites and in their mobile applications with Facebook. Even if you do not have the Facebook app installed on your phone, they send your advertising ID, e-mail address or phone number — whichever they have access to — to Facebook. If these match the details of your account on the social network, Facebook can personalize ads based on your actions in these services.
In particular, if you purchase something through a service that you logged in to with your social network account or that has the social network's analytics tools built into it, Facebook will learn that and will use information about your purchase for personalizing ads. For instance, if you have looked for a hotel in another town using a lodging search application, Facebook will show you ads for airlines that sell flights to that town.
The social network lets you find out which of your app activities it stores and restrict the use of that information for ad personalization. This is a highly useful feature: it shows just how much the company knows about your online activity. Besides, you may want to keep your visits to some of the services that share information with Facebook private, e.g. from friends who can see your Timeline.
To prevent Facebook from using information about your online activity for personalizing ads and clear the activity log:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Click Settings;
- Select Your Facebook Information in the menu on the left;
- Click Off-Facebook activity;
- If you want to clear your activity log, click Clear previous activity and confirm;
- Go back to the Off-Facebook activity page and click Disconnect future activity;
- Disable the Future Off-Facebook activity option and confirm.
The new settings will take effect within two days. The number of ads will remain unchanged, but ad selection will no longer take your activity outside of Facebook into account.
Bear in mind that although Facebook will stop using that information in selecting ads, the social network will continue to receive it from partners.
How to defeat spammers and trolls
What for: To remove irrelevant comments.
By default, all Facebook users can leave comments under your posts, an ability that spammers and trolls often abuse.
To make sure that only your friends can comment on your posts:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Public posts in the menu on the left;
- Click the button next to Public post comments and select Friends of friends or Friends.
You can also block the app from showing comments containing certain keywords or hashtags on your timeline. In this way you can hide offensive comments or other unwanted content.
To configure the filter:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Profile and tagging in the menu on the left;
- Click Hide comments containing certain words from your profile;
- In the input field, enter the words, phrases or emojis that you want to exclude from comments in your feed, separated by commas, and click the plus icon in the lower right corner;
- Click Save.
Downside: Comment authors and their friends will still see the words on your stop list.
What for: To avoid unpleasant people.
If you want to stop a specific user from commenting on your posts, block that user. Blocked users will not be able to view your profile, leave comments under your posts, or send you private messages. In this case, the user will not know that you blocked them.
To block a user:
- Open the profile of the user you wish to block;
- Click the three dots in the lower right corner of the cover photo;
- Select Block in the drop-down menu;
- Click Confirm.
You can also manage the list of blocked users and restrict certain users from performing certain actions:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Blocking in the menu on the left, and you will see the following options:
  - Restricted list — lets you hide posts that you share only with friends from certain users;
  - Block users;
  - Block messages;
  - Block app invites;
  - Block event invites;
  - Block apps;
  - Block Pages;
- To restrict the actions of a certain user, click Edit next to the desired option;
- Click Add to blocked list;
- Search for the user and click Block next to their name;
- Click Confirm, if the application asks you to.
What for: Peace of mind.
Other Facebook users can tag you in their posts. By default, such posts appear in your timeline and your friends get notified about them. But what if somebody tags you in an offensive or fraudulent post — or if your friends tag other people in your posts? The point is, tagging isn't always welcome.
You can limit other users' ability to tag you in their posts as well as configure the app to request your confirmation every time you get tagged:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Profile and tagging in the menu on the left;
- Click Who can see posts you're tagged in on your profile? and select one of the options:
  - Friends of friends;
  - Friends;
  - Friends except...;
  - Specific friends;
  - Only me;
  - Custom;
- Click Save;
- Click When you're tagged in a post, who do you want to add to the audience of the post if they can't already see it? and select one of the options:
  - Friends;
  - Only me;
  - Custom;
- Click Save;
- Turn on the option Review posts you're tagged in before the post appears on your profile;
- Turn on the Review tags people add to your posts before the tags appear on Facebook? option.
Remember that posts in which you have been tagged will still be available in search results and other Facebook sections. To delete such a tag in somebody's post:
- Click your profile picture in the upper right corner of the screen;
- Go to Settings and privacy;
- Select Activity log;
- In the menu on the left, select Activity you're tagged in and click Posts and comments you're tagged in;
- Select the tags you wish to remove and click Remove tags;
- Confirm your choice;
- In the menu on the left, select Photos You're Tagged In;
- Select the tags you wish to remove and click Remove tags;
- Confirm your choice.
What for: To fend off bothersome people.
By default, Facebook allows all users to send you friend requests. Spammers and fraudsters sometimes abuse this feature. Having lots of requests from unknown people is bound to get on your nerves.
To limit the list of users who can send you friend requests:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Privacy in the menu on the left;
- Select Who can send you friend requests? in the How people find and contact you section;
- Open the drop-down list and select Friends of friends.
Downside: Your acquaintances will have a hard time locating your Facebook profile unless they are friends of your friends.
How to hide posts from unwanted people
What for: So your posts will be seen only by those for whom they are intended.
You can choose who will see your Facebook posts. By default, they are visible to all of your friends. That can be inconvenient if you would prefer not to share your private life with some of them.
You may already have changed this setting and made your posts publicly available. Remember that information from your posts can be used against you. For example, information about your personal life can help telephone fraudsters to make up a convincing story in order to steal money from your bank accounts.
To configure the default visibility of your posts:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Privacy in the menu on the left;
- Select Who can see your future posts? in the Your Activity section;
- Open the drop-down list, click More and See All, and select the default group of users who will see your posts:
  - Friends — posts are visible to friends only;
  - Friends except… — posts are visible to all friends except those listed;
  - Specific friends — posts are visible to friends on the list only;
  - Only me — posts are visible to no one but you;
  - Custom — more individual settings.
Remember that you can change the visibility of each individual post when publishing or after, without changing the default settings.
To restrict the visibility of your post when you create it:
- Open the drop-down menu under your name at the top of the page;
- Specify the group of users who will see your post;
- Click Done.
To configure the visibility of an existing post:
- Click the three dots to the right of the post title;
- Select Edit audience;
- Specify the group of users who will see your post;
- Click Done.
You can also restrict the visibility of all existing posts by making them visible to friends only:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Privacy in the menu on the left;
- In the Your activity section, click Limit Past Posts;
- In the window that opens, click Limit Past Posts and confirm.
Downside: Your past posts will remain visible to anyone tagged in them, and their friends.
What for: So your stories are visible only to those for whom they are intended.
Other Facebook users can see your stories and share them with their friends. So your personal information might become available to outsiders, and details from stories could be exploited by attackers.
To limit access to stories:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Stories in the menu on the left;
- Turn off the Allow others to share your public stories to their own story? option.
To limit the visibility of a story when posting it:
- Click the cogwheel next to Your story;
- Specify the group of users who will see your story:
  - Friends — only your Facebook friends can view your stories;
  - Custom — stories are visible only to the people you choose;
  - Hide history from... — your story won't be visible to the people you choose;
- Click Save.
To limit the visibility of a story already posted:
- Click your story;
- Click Settings under Stories in the top left part of the screen;
- Go to the Story privacy tab;
- Specify the group of users who will see your story:
  - Friends — only your Facebook friends can view your stories;
  - Custom — stories are visible only to the people you choose;
  - Hide history from... — your story won't be visible to the people you choose.
How to prevent your personal data from being exposed
What for: To protect yourself from spammers and other shady people.
Cybercriminals can use information from your profile to do all kinds of unpleasant things. For example, they can bombard your phone with spam calls or text messages. Also, contacts from your social network profile, in combination with certain publicly available information about your life, can be a treasure trove for criminals aiming to defraud you financially. Detailed information about your job or interests helps them contrive persuasive stories.
By default, your phone number is visible to all of your friends. Friends of your friends can see your date of birth. Meanwhile, information about your city, place of study, and work is public.
To hide this information:
- Click your profile picture in the upper right corner of the screen;
- Click the button with your name to go to your profile;
- Click Edit profile under your cover photo;
- Scroll down and click Edit your About info;
- Change the visibility of your personal info in each section:
  - Click the icon to the left of the three dots or the pencil;
  - Select Only me in the window that opens, and click Done;
- Repeat for the rest of the items. Use the menu on the left to navigate sections with your information.
After configuration, you can see how your profile looks to other users:
- Open your profile;
- Click the three dots in the lower right corner of your profile header;
- Select View As. (To leave this mode, click Exit View As in the top right corner of the page.)
Downside: Your friends may have trouble locating your Facebook profile or contacting you by phone.
What for: To conceal information about your interests.
By default, people, pages, and lists that you follow are visible to all users. Fraudsters can use information about your hobbies and interests to concoct more believable stories. And your employer probably doesn't need to know that you are subscribed to ten job search groups.
You can make your subscriptions visible to all or some friends, or hide them from everyone but you:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Click Privacy;
- Select Who can see the people, Pages and lists you follow? in the Your activity section;
- Open the drop-down list and select one of the options:
  - Friends;
  - Friends except...;
  - Specific friends;
  - Only me;
  - Custom.
What for: To stop showing everybody when you are online.
Facebook shows your friends when you are, or last were, online. Your ex-partners or other interested people could monitor your status and spam you with their messages when you are online.
Also, if you befriend people you don't know personally, this information could be used by an intruder to choose the best time to hack your account. By observing your status over a period of several days, they will see when you are likely to be offline and unable to respond promptly to an attack.
To stop Facebook from showing your status:
- On the main page, click on the chat icon in the top right corner;
- Click the three dots to open the settings;
- Select Active Status: On;
- Turn off the option with the same name and click Save.
Downside: You will also be unable to see the status of your friends.
How to get rid of unwanted notifications
What for: To avoid distractions.
By default, Facebook sends you notifications about all activities on the social network, including requests from apps, games, and nearby hangouts. If some notifications distract you, disable or mute them.
To manage the notifications:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Notifications in the menu on the left;
- In the What Notifications You Receive section, select the listed notifications that you do not wish to receive and disable the Allow notifications on Facebook feature:
  - For some types of events, you cannot turn off all notifications with one click. In this case disable the Push, Email and SMS options individually;
- To mute notifications, select Browser in the How You Get Notifications section;
- Disable the Play a sound when each new notification is received and the Play a sound when a message is received options.
What for: To avoid distractions.
Other users can send you invitations from games, as well as other notifications from internal Facebook apps. If such messages annoy you, turn them off. (If you previously disabled the Apps, website and games feature, you do not need to turn off notifications.)
To disable notifications from games and apps:
- Click your profile picture in the upper right corner of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Apps and Websites in the menu on the left;
- Click Turn off next to Game and app notifications;
- Click Turn Off.
How to clean up your traces
What for: Not to lose money.
Facebook users can make in-app purchases, donate money to charity, or buy products, for example, on Facebook Marketplace. To this end, the social network requests and stores details of a bank card or PayPal account as a payment method.
That's convenient, but in the event of a leak or hack, your financial information could fall into the hands of cybercriminals. To avoid that, delete the information from the social network's database:
- Click the down arrow in the upper right part of the screen;
- Open Settings & privacy;
- Open Settings;
- Select Facebook Pay in the menu on the left;
- Under Payment Methods, you will see a list of bank cards and PayPal accounts linked to your Facebook account;
- Select one item at a time and click Remove:
  - If you use a bank card to pay for advertising, you will first need to close the advertising account in the social network to delete it.
Downside: You need a saved payment method to order ads or make purchases on Facebook. After deleting cards and accounts, you will not be able to use these options.
You can still buy goods on Facebook store pages if they process payments on their own sites.
What for: To prevent others from using your account for their own purposes.
Facebook records every login to your account and stores it in the list of active sessions. Imagine that you log in to your account on another device and forget to log out — in that case someone could take advantage of your forgetfulness and get their hands on your info.
To prevent this from happening, you can remotely close all unknown active sessions from the Web version of Facebook:
- Click your profile picture in the upper right corner of the screen;
- Select Settings & privacy;
- Open Settings;
- Select Security and login in the menu on the left;
- Under When you're logged in, you can see all your previous and current sessions;
- If there are more than two, click See more to see the full list;
- If any of the sessions are not familiar to you, click the three dots next to it and then click Log out.