Steps to Secure Your Facebook Account
Attention, Facebook users! Don’t let yourself fall victim to the latest round of scams and hacks. Protect your account before it’s too late! These scammers and tricksters are getting smarter, so it’s time to buckle down and secure your account. Don’t think it can’t happen to you – because it can. Keep your Facebook page safe and sound – starting today.
Protect Your Page: Secure Every Admin with These 2FA Steps!
Don’t wait until it’s too late! It’s crucial to implement two-factor authentication (2FA) on your business page, and ensuring that every admin follows these security steps is a must.
But that’s not all. To guarantee maximum protection, it’s highly recommended to use an authenticator app over text message codes. Text messages are susceptible to spoofing, which is why using an authenticator app is a much more secure option. Stay one step ahead of bad actors with these important security measures.
The MAX secure method is setting up a USB Security Key. All the details are further down in this post.
Follow These 12 Action Steps to Secure Your Facebook Account
On desktop or mobile, navigate to your Facebook Settings and follow these steps.
Step #1: Set up 2-factor or multi-factor authentication
2FA (two-factor authentication) or MFA (multifactor authentication) is an absolute MUST. In fact, get this: if you’re running ads, your ads will quite possibly perform better so long as EVERY admin of your Page has 2FA set up.
This is the most critical step. And, not only that, you might even see ever-so-slightly better organic reach so long as every admin of your Page has 2FA set up!! Yes, it’s that vital! So, get ‘er done, my friends!
You access 2FA under your Security and Login settings.
Most people utilize SMS to receive a code via text message. But, that is actually not the most secure way to set up 2FA as phone numbers can be spoofed. Ugh, I know, right?!
So, for optimal security, it’s much more effective to use an Authenticator app. I cannot stress this strongly enough! Google Authenticator (iOS or Android) and Duo Mobile are among the top authenticator apps.
If you’re not a techie and find it confusing to have a separate mobile app that generates codes for you to use to log in to your vital sites, please get some help from a trusted person who understands this process. It’s really not that difficult, though!
Step #2: Only use long and cryptic passwords
Ensure your password is long and cryptic. If you can remember your password (for anything!), it’s not cryptic enough.
So long as you are using a strong password – along with 2FA – you shouldn’t need to change your password that often. But, some security experts suggest changing your password every few months.
Step #3: Set up a USB Security Key for maximum security
For maximum security, ALSO set up a USB Security Key.
For more information, suggested devices and instructions, here’s a helpful post: “What is a USB security key, and how do you use it?”
Step #4: Always use a trusted password manager tool
Do not ever rely on your memory or a non-secure way of logging passwords. Always use a reputable password manager tool, e.g. LastPass, 1Password, etc. We use LastPass, but there are several out there you can use.
Step #5: Do not share your login credentials
Never ever share your login credentials with anyone, for any reason.
To share access to your business page, use Business Manager or Business Suite and add Admins with appropriate roles, ensuring they also have 2FA set up.
Step #6: Enable login alerts
Set up extra security by enabling “Get alerts about unrecognized logins.” Select notifications on Facebook and by email.
NOTE: Facebook used to have the option to get login alerts via Messenger and/or SMS, but those two options are going away. Instead, only in-app notifications + email are options, which is still just fine!
Step #7: Check Logged In Sessions
Periodically check your Logged In Sessions and remove any that you no longer need. This is especially vital if you ever used a public or shared computer to access your Facebook account.
Step #8: Review connected Apps and Websites
Under Settings, periodically check which Apps and Websites are connected to your Facebook account and still have active access. Remove any you no longer need or use. Be careful when you remove them to ensure it’s not a program that you are using and is vital to your social media role.
Step #9: Review your Business Integrations
Regularly review your Business Integrations – these are apps and services that you’ve used Facebook to log into. Again, remove any you no longer need or use.
Step #10: Large following? Consider hiding
You might want to hide your Friends and Followers on your personal profile if you have a large number of them. The setting is under the 3 dots on your Friends or Followers tab. This is particularly important for profiles that get impersonated as it looks very enticing to a scammer to be able to act as you and try to scam your entire network.
The bad actors create a new account with a name that looks very close to yours; they’ll use your profile picture, send friend requests to all your publicly visible friends and then spam them with scam links. This icky scam was very prevalent on Instagram for the longest time, causing some account owners to switch to a private account.
If your account ever does get impersonated on Facebook and/or Instagram (not hacked, but impersonated with a new/similar account name), all you can do really is report the offending account. And ask your friends and followers to report it for impersonating you.
Step #11: Be ultra careful with suspicious links
Always be very careful to check any links sent to you via DM and/or email that seem to come from Meta / Facebook (or even from trusted friends, as it’s possible they got hacked).
Phishing is rampant these days and the scammers are getting cleverer by the day; it’s all too easy to fall prey to something that looks too good to be true. If in doubt, do not click! Note: we see these all the time on our clients’ pages: emails or Facebook messages notifying them of violations. Never, ever click these. When in doubt, contact us and we will advise. More than likely they are spam and we are already aware of them. Email is the easiest to check: always look at the email address – not who it’s from but the actual email address. This is a dead giveaway.
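The "look at the actual email address, not who it's from" check can also be done automatically. This is an added example, not part of the original post; the trusted-domain list is an assumption to confirm against Facebook's own help pages, and the sample senders are constructed.

```python
import re
from email.utils import parseaddr

# Assumption: domains treated as genuine Facebook/Meta senders.
# Confirm the current list in Facebook's help pages before relying on it.
TRUSTED_DOMAINS = {"facebookmail.com", "facebook.com", "meta.com"}
# Brand names a scam notice typically puts in the visible "from" name.
BRAND_RE = re.compile(r"\b(facebook|meta|instagram)\b", re.IGNORECASE)


def domain_is_trusted(domain):
    """True for a trusted domain or a real subdomain of one."""
    domain = domain.lower().rstrip(".")
    # Match on a dot boundary so "facebookmail.com.evil.example" fails.
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_sender(from_header):
    """Classify a From header as 'trusted', 'lookalike' or 'other'."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    if domain and domain_is_trusted(domain):
        return "trusted"
    # The name claims the brand but the address is somewhere else:
    # this is the "dead giveaway" described in Step #11.
    brand_in_name = bool(BRAND_RE.search(display))
    brand_in_addr = any(w in address.lower() for w in ("facebook", "instagram"))
    return "lookalike" if (brand_in_name or brand_in_addr) else "other"


# Constructed sample headers (reserved .example domains, not real senders).
SAMPLES = [
    "Facebook <security@facebookmail.com>",
    "Meta Business Support <notice@meta-pagereview.example>",
    "Facebook Security <alerts@facebookmail.com.account-check.example>",
    "Jane Doe <jane@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):9}  {header}")
```

A "trusted" result only means the address passes the visual check from this step. The From line itself can be forged, so still open Facebook directly rather than clicking a link in the message.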
Step #12: Review browser extensions
Make sure to keep your web browser up to date and remove any suspicious applications or browser add-ons or extensions.
Bonus Step: Download your information
This setting allows you to download everything you’ve ever posted on Facebook and it’s a solid best practice for both your personal profile and business Page, as at least you would own a backup off of Facebook (just like you back up your website or blog).
I would recommend downloading your information a minimum of once a year, but maybe 2-4 times a year depending on how much you post!