Learn tips for keeping your Facebook account safe and secure

For many of us, Facebook is part of everyday life. It’s where we interact with friends and colleagues, follow our favorite celebrities, and stay on top of the latest news. Many of us see Facebook as an extension of ourselves, which is why having your Facebook account hacked can be more than just humiliating. A hacked Facebook account can damage your reputation, expose private information, or even cost you money. If you suspect that your Facebook account has been hacked, the first thing to do is change your password. This wikiHow article teaches you tips and tricks for boosting the security of your Facebook account.

Things You Should Know

  • There are plenty of things you can do to protect your Facebook account and prevent it from being hacked, like making a secure password.
  • Use Facebook's security features to check your activity on the social media site and make sure there aren't unknown logins.
  • Don't click links in emails that claim to be from Facebook and don't give away your login information if you're asked for it.
1

Create a secure password.

  1. Your Facebook password should be difficult to guess, yet easy for you to remember. [1] Avoid including your name, birthdate, pets, or common words in your password.
    • The longer the password, the more difficult it will be for others to crack. One way to create a strong password is to think of a long phrase or series of words that you can remember, but that nobody would ever guess.
    • Always include numbers, a mix of upper- and lower-case letters, and symbols in your passwords. Aim for at least 10 characters.
    • Try making an acronym out of a memorable sentence or song lyrics. For example, "I'm gonna take my horse to the old town road" could be iGTMhtthotR9! Who would guess that?
3

Safely store your passwords.

  1. As you create more strong and unique passwords, it will be difficult to remember them all. There are many good password managers available that will encrypt and safely store your passwords so you only have to remember one master password. [3] Some popular options are LastPass, Dashlane, and 1Password.
    • You might even have a password manager built into your operating system. For example, if you have a Mac, iPhone, or iPad, you can use the iCloud Keychain for free.
    • If you're using a browser that saves your passwords, such as Google Chrome, you'll be required to enter a master password to see them in plain text. In the case of Chrome, you'll have to enter your Google password. If it's Microsoft Edge and you're using Windows 10, you'll have to confirm your default sign-in password or PIN.
6

Use trusted computers.

  1. If you are using a computer that you don’t know or trust, avoid doing anything that requires you to enter your password. Hackers commonly use keyloggers on computer systems that record everything you type, including passwords.
    • If you must log in on a computer you don't trust, you can request a one-time password from Facebook in some regions as long as your phone number is already linked to your account. [4] To do this, send a text message to 32665 (if you're not in the US, see this list for your number) containing the letters otp. As long as your mobile phone is linked to Facebook, you'll receive a 6-digit temporary passcode you can use in the "Password" blank to sign in.
    • If it’s not possible for you to use a one-time password and you absolutely must sign in, change your Facebook password as soon as you're back at your own computer, phone, or tablet.
    • Avoid using the “remember password” feature on computers other than your own. If you sign in to Facebook on a public computer (or even at a friend's house), you may see a “remember password” prompt that asks if you'd like to save the password. Choose the Not Now (or similar) option, or else other users of that computer can gain access to your account.
8

  1. Login Alerts send you an alert (Facebook notification, email, and/or text message) when someone logs into your account from an unrecognized location. If you get a login alert and you weren't the one that logged in, click or tap the This wasn't me link to recover your account immediately. Here's how to set up Login Alerts:
    • On a computer:
    • On a phone or tablet:
      • Open the Facebook app and tap the menu (the three horizontal lines).
      • Scroll down and tap Settings & privacy.
      • Tap Settings.
      • Tap Security and Login.
      • Tap Get alerts about unrecognized logins.
      • Choose how you want to receive alerts.
9

Enable two-factor authentication.

  1. Two-factor authentication gives your account an extra level of security by requesting a security code when you log in from an unknown browser. You can choose to receive this code via SMS text message or using an authentication app like Google Authenticator. After setting up two-factor authentication, you'll be given options for recovering your account in case you lose access to your second device (your phone).
    • On a computer:
      • Go to https://www.facebook.com/settings?tab=security.
      • Click Edit next to "Use two-factor authentication."
      • Select Use Text Message to receive codes via SMS (most common) and follow the on-screen instructions.
      • Select Use Authentication App to use an authentication app like Duo or Google Authenticator and follow the on-screen instructions.
    • Using a phone or tablet:
      • Open the Facebook app and tap the menu (the three horizontal lines).
      • Navigate to Settings & Privacy > Settings.
      • Tap Security and Login.
      • Tap Use two-factor authentication.
      • Tap Use Text Message to receive codes via SMS (most common), and follow the on-screen instructions.
      • Tap Use Authentication App to use an authentication app like Duo or Google Authenticator, and follow the on-screen instructions.
    EXPERT TIP

    Brandon Phipps

    Technology Specialist
    Brandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.

    Enable two-factor authentication on all your digital accounts. That applies to all your personal accounts, business accounts, finances, client information, and productivity apps. Two-factor authentication protects your sensitive data from unauthorized parties and reduces the risk of security breaches.

10

  1. The “Where You’re Logged In” section tells you which devices are currently signed in to your Facebook account. If you think someone is using your account, or that you left yourself logged in somewhere else (like at work or on a friend's computer), you can use it to sign yourself out remotely.
    • Using a computer:
      • Go to https://www.facebook.com/settings?tab=security. This shows you a list of currently signed-in locations near the top of the page.
      • Click See more to expand the list (if given the option).
      • To sign out of a session, click the three vertical dots and select Log Out. Or, if the session is not you (if you think you've been hacked), select Not You? instead and follow the on-screen instructions.
      • Click Log Out of All Sessions to sign out everywhere you're logged in.
    • Using a phone or tablet:
      • Open the Facebook app and tap the menu (the three horizontal lines).
      • Navigate to Settings & Privacy > Settings > Security and Login.
      • Locate the list of currently signed-in locations.
      • Tap See all if necessary.
      • To sign out of a location, tap the three vertical dots and select Log Out. Or, if you think you've been hacked, select Not You? and follow the on-screen instructions.
      • Repeat until you're signed out everywhere you want.
11

Look for suspicious activity in your emails from Facebook.

  1. If you accidentally deleted an email that Facebook sent you, or if your email account was hacked and you’re afraid that the hacker got into your Facebook account, you can see a list of recent messages sent by Facebook.
    • Using a computer:
      • Go to https://www.facebook.com/settings?tab=security.
      • Click View next to "See recent emails from Facebook". Security emails are on the first page—tap OTHER EMAILS to see different types of Facebook emails.
      • Click I didn't do this or Secure your account if necessary.
    • Using a phone or tablet:
      • Open the Facebook app and tap the menu (the three horizontal lines).
      • Navigate to Settings & Privacy > Settings > Security and Login.
      • Tap See recent emails from Facebook.
      • Tap I didn't do this or Secure your account if necessary.
12

  1. If you've never specifically chosen an audience for your Facebook posts, you may be sharing your information publicly. When posting to Facebook, you can click or tap the small drop-down menu above (mobile) or below (computer) the typing area to select an audience (Public, Friends, etc.). If you want to go back and limit your previous posts, here's how:
    • Using a computer:
      • Go to https://www.facebook.com/settings?tab=privacy.
      • Click Edit next to "Who can see your future posts?" to control your default posting privacy.
      • Click Limit Past Posts to change all public (or friends-of-friends) posts to friends-only.
      • Click Check a few important settings at the top of the page to run a privacy checkup for more settings to change.
    • Using a phone or tablet:
      • Navigate to Settings & Privacy > Settings > Privacy Settings.
      • Tap Who can see your future posts? to control your default posting privacy.
      • Tap Limit who can see past posts to change all public (or friends-of-friends) posts to friends-only.
      • Tap Check a few important settings at the top of the page to run a privacy checkup for more settings to change.
    • To see what your profile looks like to other people (computer or mobile), go to your profile, click or tap the three horizontal dots (…) near the top of the page, and then select View as.
13

Encrypt notification emails.

  1. Facebook gives you the option to have all notification emails encrypted before they are sent to you. This can only be done on Facebook's website (not the mobile app), and you'll need an OpenPGP key to get started. To do this, head over to https://www.facebook.com/settings?tab=security, scroll down and click Edit next to "Encrypted notification emails," paste your OpenPGP key into the box, add a checkmark to the box, and then click Save Changes.
14

Check that the site is authentic.

  1. If you're using a web browser to access Facebook, make sure the address bar actually says www.facebook.com and not something like facebook.co, face.com, or facebook1.com, etc. Phishers often choose sites that you may accidentally type into your address bar when in a hurry.
    • Be especially careful when clicking links in email messages from Facebook. Scammers may send emails that look like they are from Facebook but link to rogue sites that steal your data. If you click or tap a Facebook link in an email and you see any domain name that isn't "facebook.com," do not enter your password or any other personal info.
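
The address-bar check above can be done mechanically. The following is an added example, not part of the original article: it parses a link the way a browser does and accepts it only when the host is facebook.com or a true subdomain. The function names, the HTTPS requirement, and the sample links ending in .example are assumptions made for the illustration.

```javascript
// Added example: decide whether a link really points at facebook.com.
const TRUSTED_DOMAIN = "facebook.com";

function checkFacebookLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { trusted: false, host: null, reason: "not an absolute URL" };
  }
  // hostname is lower-cased, excludes any "user@" prefix and port, and
  // shows internationalized names in their ASCII "xn--" form.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not HTTPS" }; // assumption: require HTTPS
  }
  // Exact match or a true subdomain. The leading dot is what rejects
  // hosts that merely end in, or start with, the trusted name.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, host, reason: "host is under facebook.com" };
  }
  return { trusted: false, host, reason: "host is not under facebook.com" };
}

// Sample links: the first two and the three typo domains come from the
// article; the rest are constructed for this example.
const SAMPLE_LINKS = [
  "https://www.facebook.com/settings?tab=security",
  "https://secure.facebook.com/facebook_pay/payment_history",
  "https://WWW.FACEBOOK.COM/",
  "https://facebook.co/",
  "https://face.com/",
  "https://facebook1.com/",
  "https://www.facebook.com.login.example/", // trusted name used as a prefix
  "https://www.facebook.com@login.example/", // trusted name in the user part
  "https://faceb\u043eok.com/",              // Cyrillic "o" look-alike
  "http://www.facebook.com/",                // right host, no HTTPS
  "www.facebook.com",                        // no scheme, so not a full link
];

function auditLinks(links) {
  return links.map((link) => ({ link, ...checkFacebookLink(link) }));
}

for (const r of auditLinks(SAMPLE_LINKS)) {
  console.log(r.trusted ? "OK    " : "REJECT", r.link, "->", r.host, `(${r.reason})`);
}
```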
15

Don't accept friend requests from people you don't know.

  1. Once they’ve friended you, they can spam your timeline, tag you in posts, send you malicious messages, and even target your friends.
    • If your birthday and location are viewable by your Facebook friends and you regularly update your whereabouts, scammers might be able to use your details and updates to crack your passwords or even break into your home when they know you’re away on vacation.
    • Be wary if you receive a friend request from someone you think you're already friends with. Scammers often mimic real people's profiles and try to make friends with their friends.
16

Don't click suspicious links on Facebook.

  1. Your friends aren’t immune to spam. If a friend posts a suspicious link or “shocking video” or sends something strange in a message, don’t click it—even if it's from someone you know. If one of your Facebook friends clicks on a spam link, they could accidentally send it over to you. [5]
    • This also goes for sketchy-looking websites, browser plug-ins and videos, and suspicious emails and notifications. If you ever receive an email asking for your password for any account that you have, do not respond. Reputable companies will never request your password over email.
17

Review your payment history.

  1. If you make purchases on Facebook, be sure to review your purchase history often. That way, if someone does manage to get into your account and spend money, you can seek help from Facebook’s Payments Support Center.
    • To see your payment history on a computer, visit https://secure.facebook.com/facebook_pay/payment_history.
    • If you're using a phone or tablet, tap the three horizontal lines or blue-and-white "f", tap Facebook Pay, and then scroll down to the "Payment History" section.
    • To review your payment history, go to “Settings” and then click on the “Payments” tab.
18

Report suspicious activity.

  1. How you report something will depend upon what you’re reporting. [6]
    • To report a profile, go to the profile you want to report, click or tap the three horizontal dots (…) near the top, select Find Support or Report Profile, and follow the on-screen instructions.
    • To report a problematic post, navigate to the post, click or tap the three horizontal dots (…) near the top, select Find Support or Report Profile, and follow the on-screen instructions.
    • To report a message, open the message you'd like to report in Facebook (or Messenger on a phone or tablet), click the gear or tap the person's name, and select Something's Wrong. Follow the on-screen instructions.
19

Block suspicious people

20

Make sure you don't have malware.

  1. Malware may help hackers circumvent Facebook's security tools to get access to your account. From there, it can collect personal information, send status updates and messages that appear to be from you, or cover your account with ads that will crash your computer. [7] There are a number of free anti-malware programs available online. Facebook recommends ESET and Trend Micro as free scanning tools. [8]
    • Your computer may have malware on it if you have recently tried to watch a “shocking video” via a Facebook post; if you have visited a website claiming to offer special Facebook features; or if you have downloaded a browser add-on that claims to do the impossible (for example, allowing you to change the color of your Facebook profile). [9]
    • PCs and Macs have their own free version of anti-malware, so scanning and getting rid of the bad files is easy!
22

Spot and report phishing scams.

  1. If you receive an email or Facebook message asking for your personal information, it could be a phishing attempt. Always report all Facebook-related phishing attempts to Facebook via email at phish@fb.com. [10] To avoid getting “phished” (scammed), beware of the following:
    • Messages claiming to contain your password as an attachment.
    • Images or messages with links that don’t match what you see in your status bar when you hover over them.
    • Messages asking for your personal information, such as your password, credit card info, driver’s license, social security number, date of birth, etc.
    • Messages claiming that your account will be deleted or locked unless you act immediately.
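
The second warning sign in the list, a link whose visible text does not match where it really goes, can be checked automatically in an HTML email. The following is an added example, not part of the original article: the function names and the sample message are constructed for the illustration, and the regular-expression anchor matching is a simplification that suits this sample rather than a full HTML parser.

```javascript
// Added example: flag links whose visible text names one host while the
// href (what the status bar shows on hover) goes to another.
const SCHEME_PREFIX = /^[a-z][a-z0-9+.-]*:\/\//i;
const LOOKS_LIKE_HOST = /^[^\s\/@]+\.[a-z]{2,}([\/:?#]|$)/i;

// Host named by the visible link text, or null for plain words such as
// "Help Center". Only text that starts with a host or URL is considered.
function namedHost(text) {
  const rest = text.trim().replace(SCHEME_PREFIX, "");
  if (!LOOKS_LIKE_HOST.test(rest)) return null;
  try {
    return new URL("https://" + rest).hostname;
  } catch {
    return null;
  }
}

// Treat "www.example.com" and "example.com" as the same site.
const withoutWww = (host) => host.replace(/^www\./, "");

function findMismatchedLinks(html) {
  const anchor = /<a\b[^>]*\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;
  const findings = [];
  for (const [, , href, inner] of html.matchAll(anchor)) {
    const shown = namedHost(inner.replace(/<[^>]*>/g, "")); // drop nested tags
    if (shown === null) continue; // text makes no claim about a host
    let actual = null;
    try {
      actual = new URL(href).hostname; // ignores any "user@" part
    } catch {
      // unparseable href: reported below with actual === null
    }
    if (actual === null || withoutWww(actual) !== withoutWww(shown)) {
      findings.push({ shown, actual, href });
    }
  }
  return findings;
}

// Constructed sample message body (not a real email).
const SAMPLE_EMAIL = `
<p>Review your logins at
  <a href="https://www.facebook.com/settings?tab=security">facebook.com/settings</a></p>
<p><a href="https://facebook.com.account-check.example/login">https://www.facebook.com/login</a></p>
<p><a href="https://www.facebook.com/help"><b>Help Center</b></a></p>
<p><a href="http://www.facebook.com@login.example/">www.facebook.com</a></p>`;

for (const f of findMismatchedLinks(SAMPLE_EMAIL)) {
  console.log(`text says ${f.shown} but link goes to ${f.actual}`);
}
```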

Expert Q&A

  • Question
    What should I do if I think I've been hacked?
    Luigi Oppido
    Computer & Tech Specialist
    Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years.
    Expert Answer
    If you're worried you've been hacked, the best thing you can do is change your password.
  • Question
    What if the hacker is really smart and hacks my address? I'm afraid I'm being stalked.
    R2_d2000
    Top Answerer
    If you feel your life is in danger, contact the police. The articles How to Check if You Are Under Surveillance, How to Recover a Hacked Facebook Account, How to Prevent Hacking, and How to Activate 2 Step Verification in Facebook should be able to provide some help.
  • Question
    How do I set up an authentication code for Facebook?
    R2_d2000
    Top Answerer
    The wikiHow article How to Activate 2 Step Verification in Facebook provides step-by-step directions with pictures to help you enable an authentication code for Facebook.
      1. https://www.facebook.com/help/120286311449381?sr=9&amp%3Bquery=reporthacker&amp%3Bsid=2TpUBw9u7gcOKfTcR
      2. Luigi Oppido. Computer & Tech Specialist. Expert Interview. 31 July 2019.

      About This Article

      Article Summary

      1. Create a strong password.
      2. Don't use the password anywhere else.
      3. Try a password manager.
      4. Set up login alerts.
      5. Turn on two-factor authentication.
      6. Choose trusted contacts.
      7. Limit who can see your posts.
      8. Report spam and suspicious content.

      Thanks to all authors for creating a page that has been read 608,971 times.

      Reader Success Stories

      • Anonymous

        Sep 22, 2017

        "It was really helpful to me actually, I am a good programmer but I am just learning to secure not to hack, I ..."