Many of you have asked yourselves “Is my Facebook account safe from hackers?” or “How can I secure my Facebook account from hackers”.
Well, this guide is for you and it answers all your questions, but only if you read it from the beginning to the very end.
Facebook has been the fastest growing social network since 2008. According to Statista, the number of monthly active users on Facebook as of the 3rd quarter of 2019, is 2.45 Billion which makes it the biggest social network on the planet.
See the infographic below for details.
So why are we talking about the number of users? Well, being a social network with the most number of users makes it have the most number of attacks from hackers.
Most of the attacks that happen on Facebook happen on the users’ end because Facebook does its best to protect user data on their end. Therefore the guide is solely going to concentrate on securing a Facebook account on the user’s end.
- 1 Why is Facebook security important?
- 2 How to secure your Facebook account from hackers
- 2.1 Password security
- 2.2 Enable Two-factor authentication
- 2.3 Add trusted contacts
- 2.4 Enable alerts for unrecognized logins
- 2.5 Manage Third-party logins
- 2.6 Logout on shared computers
- 2.7 Be sure of the URL
- 2.8 Don’t use your Facebook password elsewhere
- 2.9 Log out all Facebook sessions in case of suspicion
- 2.10 Delete your Facebook account
- 3 Conclusion
Why is Facebook security important?
Facebook contributes to a significant part of its users’ day-to-day living. Cnet calls Facebook a Liability and I believe it is. Each and every day Facebook gets to know you more and more. Consider how much Facebook knows about you!
If a hacker gained access to your Facebook account, that’s’ how much information they’ll get to know about you.
I recently saw this feature that shows me to see my nearby friends from a map. So this means a hacker in my account will be able to see all this.
Here are some of the reasons why you need to keep your Facebook account secure from hackers.
It takes 20 years to build a reputation and few minutes of cyber-incident to ruin itStephane Nappo
Secure personal information
As I’ve told you earlier, Facebook has a lot of information about you. Some of this information is that you provide directly, for example, your name, address, phone numbers and much more.
Other information is just acquired indirectly for example what you’re interested in, who you would want to be friends with, and so on.
This is information that you wouldn’t want hackers to be exposed to. It can be used against you in a lot of ways for example blackmail.
Protect friends’ information
Our Facebook accounts allow us to have almost unlimited access to our friends’ information.
Information such as contact details, addresses and etc. If by any chance your Facebook account is compromised, it puts your friends’ account at risk considering the information known about them.
Protect third-party Applications
Due to the vast number of users on Facebook, many applications now rely on Facebook services such as Authentication.
Such applications provide an alternative way of authentication which uses your Facebook credentials to log in. This implies that anyone with access to your Facebook account can automatically access your accounts in applications where you used Facebook login.
Protect personal relationships
This is something that would damage your relationships especially if you’re not aware as soon as possible.
I have a friend whose Facebook account was hacked recently, where the hacker started asking for money from her friends and family. Unfortunately, It took a while for her to notice what was happening.
You wouldn’t want this to happen to you.
How to secure your Facebook account from hackers
Most of the steps will be easier to perform with a computer.
If you want to get the most from this guide, then I recommend you read the whole of it.
Securing a Facebook account is not just about a strong password as many people think.
Although the password plays a significant role in the process, It goes beyond just a strong password to a number of other measures.
These measures to secure your Facebook account are described in detail below.
I call the password the key to your Kingdom.
As you all know that a password plays a great role in securing any kind of application.
To protect your Facebook account at the login page, you need to use a strong password that is hard to guess for even the closest person to you.
We are going to explore the steps involved in creating an uncrackable password.
But before we learn how to create a stronger password, let’s see how these hackers gain access to passwords.
How do hackers crack passwords?
- Buying credentials on the dark web
Check here to see if your password is among those being sold on the dark web.
One of the most common ways in which hackers gain access to passwords is by buying them on the dark web.
Buying and selling passwords has made big money for hackers. Passwords sold on the dark web are got from security breaches within companies and database leaks.
An example of a breach is the Facebook breach which exposed over 50 Million users’ accounts in 2018.
If you’ve used your password for a long time, you’re probably a victim of this technique.
- Brute Force attack
This is one of the most dangerous attacks. Savvy hackers have created tools that try out every possible combination for all characters on the keyboard.
It’s just a matter of time before it cracks your password.
The most common brute force algorithm is one that cracks any 8 character password in less than 6 hours.
This is why the length of a password plays a big role in its strength.
- Dictionary attack
Unlike the Brute Force attack which goes through combinations for all characters, the dictionary attack does as it sounds like. It uses the typical words found in the dictionary.
The tool that performs a dictionary does combinations on words found in a dictionary, like “quagmire “. So if your password can be looked up in a dictionary then it needs serious fixing.
Phishing is most common in emails. The attacker manipulates you into thinking that he’s working on behalf of an authentic source.
An example is receiving an email claiming it’s from Facebook support, where it has a link to a website that looks like Facebook. The page might ask for your login credentials and after which your credentials are captured.
Hackers can use other phishing techniques like phone calls from which you can be manipulated into revealing your credentials.
- Keystroke logging
Another common technique for savvy hackers is by using keystroke logging where they are able to monitor buttons pressed on your keyboard which finally reveals your passwords.
This technique is commonly exploited by using a program that remotely records keys pressed.
Composition of a strong password
- Overcoming the Brute Force attack
We know that the Brute Force attack is the most dangerous one. It cracks the password no matter what characters are used. One thing that will protect you from this kind of attack is by using a long password.
When I talk about a long password, I am not talking about 8 characters, or 9 or even 10. I am talking about a password with at least 15 characters. “pass1234” and “63nJ%sgu” will be cracked with the same ease in the same amount of time.
A 15 character password is uncrackable by the Brute Force attack. It will require a very big number of combinations, not to mention the computing power that hasn’t been developed.
- Overcoming the dictionary attack
As I mentioned earlier how the Dictionary attack works, it uses a combination of words that are found in a dictionary.
To secure a password from this attack, your password should not contain words from the dictionary. Words such as “admonish” seem rare but they will not work.
You can, however, create sentences with these words but those sentences should not make any meaning to anyone and should not contain underscores or spaces.
An example is “QueueZebraMummyKeyboard”. A stronger combination is to use just parts of the words, for example, you can use a “QueZebMumKey” (Although it’s not long enough) which takes 3 letters from each word in our first password. Such a password won’t make meaning to anyone else other than you.
Another recommendation is to use a mix of different characters including letters, numbers and punctuation symbols.
- Overcoming the phishing attack
Avoiding a phishing attack requires you to be sure of the authenticity of the information you receive. You can follow the following measures to avoid the phishing attack.
- Don’t click on suspicious links in your email or message inbox.
- Don’t use websites without the https badge.
- Check the URL address box before providing your credentials, to confirm you’re on the right website.
- Use a spam filter in your email. Most email providers such as Gmail configure this by default so you don’t have to worry.
- Use antivirus software. I have free ones here.
Here are more ways to recognize phishing emails.
- Protecting from keystroke logging
You can overcome this attack by using one of these antivirus and antimalware software and always keep it up to date.
Since keystroke logging requires the involvement of the hardware, a program that does this kind of recording is installed on the system which makes it easy to be identified by the antivirus software.
- Making your password free from the dark web
The most number of victims having their credentials on the dark web are those that have used their passwords for a very long time.
Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.Chris Pirillo
These companies are constantly being attacked and there’re a lot of chances that your long-time password is compromised.
Another way to protect your Facebook account is to avoid using a password in more than one application.
Password generation and storage
Two decades ago it would be very easy to create and remember a strong password because a person usually had less than 5 online accounts.
But now we’re in the internet era where a single person has over 50 accounts all having passwords.
Considering the composition of a strong password, creating as many strong passwords for each of your accounts may make it hard to remember each of them.
However, the browser password managers are not ideal for the task especially because they store passwords in an unencrypted form, which means that anyone with access to your browser can see all of them in cleartext format.
But you could still use the browser password managers if you haven’t secured a dedicated password manager. It should not take though before you start using a dedicated password manager
Dedicated password managers will do the job perfectly. A number of people are in favor of LastPass Password Manager.
These password managers take away the burden of thinking of a very strong password and remember it.
The only thing you have to remember is the master password that should follow all the guidelines of a strong password we went through.
Enable Two-factor authentication
Two-factor authentication is a new technology that provides an additional protective layer. It treats the password as just a part of the authentication process.
In this case, a password alone can not be used to log in to your Facebook account.
Additional confirmation is used in relation to a password which might be an SMS code sent your phone or biometric authentication.
How to set up two-factor authentication on Facebook
- Open Security settings
Click on the arrow down icon at the top right corner of the website and open Settings
Use the navigation menu on the left side and click on Security and Login
- Open two-factor authentication
Scroll down to the card containing Two-Factor Authentication and click on the edit label on the left of Use two-factor authentication.
- Select a two-factor authentication method
Using an authentication application is recommended because it’s secure enough.
An SMS can be intercepted by hackers which is a compromise. Also, you can’t log in if you don’t your phone. The worst scenario is when you’re out of your country and have no access to the phone network you used.
But still, SMS is better than the usual single login.
- Set up two-factor authentication
In the next section, I go through both using an SMS and an authentication app.
You just need to choose one.
But as I told you earlier, if you can use an authentication app then don’t think twice.
There are various good authentication apps but we shall use Google authenticator.
How to use SMS for two-factor authentication
Note: You can not use the phone number used for two-factor authentication to reset your password
- This continues from step 4 where we’ve stopped in the previous section
- From the Security method page, click on Use Text Message (SMS)
- Select one of the phones registered in your account or add a new phone number
- Enter code sent in SMS
- You are done!
Now when there is a new login into your account, the login will only be complete after verifying with a code sent in SMS
You can add a backup method in case SMS fails in the future.
How to use Google Authenticator for two-factor authentication
Google Authenticator is a free mobile application that can be downloaded from the Google Play store.
Google Authenticator requires you to remember your Google password.
Whenever you sign in to Google, you’ll enter your username and password as usual.
When asked for a code, you’ll be able to get one from this app.
Follow these steps to set Google Authenticator as the authentication app for your Facebook account:
- Now instead of choosing Text Message as the security method at this step, select Use Authentication app
- You can either use a bar code or a key to connect the application to your account
- When provided with a bar code, open the Google Authenticator app and click on Scan a bar code.
- Or click on Enter a provided key and enter the key provided by Facebook
- After scanning the bar code or entering the provided key, a code will be generated in Google Authenticator.
- Click on continue in Facebook
- When asked for a confirmation code, enter the one generated in Google Authenticator
Note: Sometimes the code refuses to work if your Android device has incorrect time.
Add trusted contacts
Trusted contacts are facebook friends that you trust that can help you regain your Facebook account in case you’re locked out.
They are able to send you a recovery code and a special URL to regain your account.
It is important that you choose friends that you trust.
How to add trusted contacts to your Facebook account
- Click on the arrow down icon in the top right corner of the Facebook page and open settings
- Open Security and Login from the left pane.
- Scroll down to the card labeled Setting Up Extra Security
- Click on the edit button on the right of Choose 3 to 5 friends to contact if you get locked out.
- Choose friends to use as your trusted contacts by entering their names and then finally confirm.
How to recover your Facebook account with trusted contacts
- Go to the Facebook login page and click on Forgot Password
- On the next page, you’ll be asked for your email address or phone to help find your account
- If you can’t find your account with any of these, search using your name
- When your Account is listed after searching, click on This is my Account
- The email address or phone associated with the account will be listed.
- Click on no longer have access to these ( I assume you will want to use the trusted friends if you don’t have access to the email or phone listed )
- Add a new email address or phone.
- Click on Reveal my trusted contacts
- You will see a set of instructions with a special link. The special link contains a login code that can only be revealed by your trusted contact.
- Send this link to your friend and ask them to open it and then send you back the login code required.
Enable alerts for unrecognized logins
Security alerts in case of unrecognized logins are very important.
Open Security and Login settings as we’ve done in the previous steps.
Scroll down to the card containing Setting Up Extra Security
Click on the edit button in the left of Get alerts about unrecognized logins
Enable alerts in a way you prefer them
Manage Third-party logins
You should try as much as possible to avoid third-party logins
Many applications now allow users to register using their Facebook accounts.
In the wider view, this gives the application privileges to access your Facebook login and profile information.
Trusting the application is not the only issue in this.
Another one is that, if your Facebook account is hacked, then all the applications where you use Facebook as the login method are compromised.
I guess you see the reason why you should avoid using third-party logins because the hackers will keep trying.
If you have to grant access to a third-party application, then you should keep it in check and revoke its access when you stop using it.
How to edit or revoke access from Third-party applications
Click on the arrow down icon and open Facebook Settings from the menu.
Click on Apps and Websites on the left menu
It will open the Active, Expired and Removed apps and websites.
Identify the application you want to edit or remove and click on View and edit
Here you can turn on and off the information you share with the application.
If you scroll to the very bottom, you can remove the application from your Facebook account. This means that you will have to create a new login method when you go back to the application
You should try as much as possible to avoid logging into your account on shared computers.
There are high chances of being compromised from this.
Since its not your computer, it might have spyware or any kind of malware you’re not aware of which can be used to gain access to your account.
In the worst-case scenario, if you have to access your account from a shared computer, then you should ensure that you log out of your Facebook account after use.
How to log out Facebook on desktop
Click on the arrow down icon at the top right corner of the Facebook page and click on logout
How to logout on mobile
Click on the hamburger icon at the top right corner and scroll down to the logout label
Be sure of the URL
Many hackers create websites that look like Facebook and they embed such links in emails and messages.
Such websites ask you to log in as if its Facebook.
Before you provide any credentials, you should confirm that the URL is the actual address of facebook which is (all Facebook URLs have “facebook.com” as their domain)
Don’t use your Facebook password elsewhere
Many people use the same password for various online accounts.
You shouldn’t make this mistake.
If you have done this, you should immediately change the password for both the applications because there are high chances your password is one of those being sold on the dark web.
Log out all Facebook sessions in case of suspicion
Suspicion may be as a result of security alerts that you receive.
In such a case, you should log out all sessions in your account and change your password right away.
Read below to learn how to log out all devices from your Facebook account.
How to log out devices from Facebook account
Click on the arrow down icon at the top right corner of the Facebook page and open Settings
Open Security and Login from the left navigation menu.
Navigate to Where You’re Logged In and click on See More to show all sessions
Scroll to the bottom right of the card and click on Log out all sessions
How to change Facebook password
Click on the arrow down icon at the top right corner of the Facebook page and open Settings
Click on Security and Login from the left menu
Scroll to the card with Login label
Click on the edit button on the right of Change password
Enter your current password and the new one then save changes
Delete your Facebook account
If there’s one thing that can save you all the mess, it’s this.
Well, I can not do this to my account because there’s a lot that goes on with it, not to mention that I will have to share this guide there.
But if you feel like Facebook is becoming a burden to you then this might be just a solution for you.
Facebook provides two options for deleting your account.
You can either deactivate your account if you hope to come back at some point in the future.
Or you can permanently delete your account which will remove any information related to you. It will be like you never had a Facebook account
The following happens if you just deactivate your account:
- You can still use messager to chat
- Your profile is not visible to anyone when they search for you
- Your media which includes photos, posts and videos are not deleted.
- You can still use Facebook login in other applications like Instagram
- You can reactivate your Facebook account at anytime
The following happens when you permanently delete your Facebook account:
- Your profile is not visible to anyone
- All your media which includes videos, posts, and photos are deleted permanently
- You can not use Facebook messager to chat with anymore
- Facebook login for applications you use can not work anymore. You’ll have to get in touch with these applications to recover your respective accounts
- Recovering the Facebook account is not possible.
How to delete your Facebook account
Click on the arrow down icon in the top right corner of the Facebook page and open Settings
Open Your Facebook Information in the left menu
Click on Deactivation and Deletion
Here you can choose to Deactivate Account or Permanently Delete Account
Cheers, you are safe!
If you have read the whole guide then you’ve done your part in keeping your Facebook account safe from hackers.
However, if you’ve read only part of the guide, you won’t know what the problem is when you’re hacked.