We run through some simple changes to improve privacy and security when using Facebook.
Just like every other site on the web, it pays to consider both your privacy and your security when using Facebook, be that on the internet or through one of the many apps it provides.
So, with that in mind, here are 15 tips for protecting yourself and your sensitive information when using Facebook.
1. Control who can see what’s posted on your timeline from now on
While there may be some special circumstances under which you are happy to share your content far and wide, with both the people you know and complete strangers, for the most part you will want to limit who can check you out on Facebook.
Next, click on Privacy in the left-hand menu and then under “Who can see my stuff?” locate “Who can see your future posts?” and click on Edit.
Now select from:
- Public (this means everyone)
- Friends (this is what we would advise)
- Friends except… (all of your friends except for any you purposefully omit)
- Specific friends (only those people you choose from your existing list of friends)
- Only me (your timeline is going to be a bit lonely!)
Pick whichever option works for you – public should probably be avoided and Only me seems a bit pointless – and then that setting will apply for all your future posts.
2. Control who can see what you have previously posted on your timeline
Now that you have limited who can see your future posts on Facebook, you may want to add a level of control to who can see what has gone before.
As before, go into your Settings and click on Privacy. Under “Who can see my stuff?” find the entry for “Limit the audience for posts you’ve shared with friends of friends or Public?” and click on Edit.
Now click on “Limit Old Posts” and then click on the confirm button in the box that appears.
While you’re here, consider enabling Timeline Review, which allows you to review any post or photo that you’re tagged in before it shows up on your wall. You’ll receive a notification whenever someone tags you so you can then approve or disapprove the post.
In the Followers tab, you can decide who can follow you on Facebook. A follower is basically someone who can view your profile and posts but isn’t personally friends with you.
3. Limit the visibility of your ‘About’ section
Do you have something in your ‘About’ section that you don’t want to share with the whole world? If so, you need to do something about that…
From your profile page, click on the “Update Info” or “Edit profile” button.
If your button reads “Edit profile”, in the following window any box you check will be set to public and viewable by anyone, whether they are your friends or not. Uncheck these boxes to make them viewable only by friends.
If your button reads “Update Info”, a new box will appear which will either display your current info or ask you to update any elements you have previously skipped.
At the bottom of this window there is a drop-down menu showing the default setting which is Public. Click on this and select from the options of:
- Public (this means everyone)
- Only Me
- Custom (a variety of options allowing groups or individuals to be added or excluded)
Voila! Most of your private stuff is now exactly that, though you should be aware that some details, such as your name and cover photo, cannot be given limited visibility under any circumstances.
4. Limit who can contact you through Facebook
Limiting who can see your timeline on Facebook will go a long way to protecting your privacy but it won’t stop all those bizarre friend requests and other messages you get from people you do not know.
To ensure the small minority of strange people on Facebook cannot get in touch with you, you will want to change the setting that allows “Everyone” to make contact.
To do that, go back to your Privacy settings again and find the section titled “Who can contact me?” and click on Edit.
A new drop-down menu will appear, showing who can send you friend requests. You’ll want to change that from “Everyone” to “Friends of friends”.
5. Control who can look you up on Facebook
While you’re here, you may also want to limit how people can find your Facebook profile with information they may already know about you.
From the Privacy settings page, locate the “Who can look me up?” section. Here is where you can click on the Edit links to control who can find you based on your phone number or email address.
The choices are:
- Everyone (most people will want to change this)
- Friends of friends
In this area, you can also control whether your Facebook profile will be found via a search engine query. Depending on the purpose of your Facebook account, you may or may not wish to change this setting by checking or unchecking the tick box.
Now that we’ve looked at how you can take control of your Facebook privacy settings, it’s time to switch our attention to the security aspects of the social media behemoth.
6. Set up unrecognized login notifications
From the main page, click on the drop-down arrow in the top right corner of the toolbar and click on Settings.
This time, instead of clicking on Privacy, choose “Security and Login” instead.
Now, to receive a notification whenever an unknown computer or other device attempts to access your account, click on “Get alerts about unrecognized logins”.
Click on the Edit button and then choose whether you wish to receive notifications, including email alerts to your primary address or a secondary email account.
7. Encrypted notification emails (Advanced)
If you are uber careful about your security, you may have previously grabbed yourself a PGP public key so that you can send and receive encrypted communications. You can learn more about setting up PGP encrypted email in our tutorial.
If that is the case, Facebook allows you to enter that key so that your notification emails are also encrypted.
After entering your key, click the tick box and then “Save Changes”. Remember to consider whether you wish to save your public key, which can be determined through the Contact and Basic Info page.
8. Turn on two-factor authentication
Until a foolproof biometric alternative comes along, the password is here to stay, and that’s not a great option these days. We’ve previously written tips on creating strong passwords, and argued the merits of password managers, but the truth is, most people still end up using quite weak credentials.
The best solution to that problem, for now, is two-factor authentication and you should enable it on your Facebook account right now.
To do so, go to the Security and Login settings and click on Edit for “Use two-factor authentication”.
Here you will be presented with several methods of using 2FA:
- SMS Text Message (a code delivered via phone)
- Security Keys (use a physical security key)
- Code Generator (generate a session code via the Facebook app)
- Recovery Codes (useful if you are out and haven’t taken your phone with you)
- App Passwords (creates a one-time password)
- Authorized Logins (disable 2FA on select devices)
Click on Set Up and configure as required.
9. Check where you’re logged in
Have you accidentally left yourself logged into a device that can be accessed by your family, lost a device or sold one on without logging out of Facebook?
If so, you’ll want to review which devices are logged in and do something about it!
Under the Security and Login section, look for the “Where You’re Logged in” section, which may already be displaying one or two devices. Click on “See More” if you are fortunate enough to have many devices logged into Facebook.
You won’t be able to log out of the session you are currently using (in my case, the Mac I am using in the screenshot above) but you can do so for one or more other devices.
You can either click on “Log Out Of All Sessions” which will do exactly what it sounds like, or you can click on the column of three dots next to a specific entry to log out of a particular session, or notify Facebook that the device in question is not yours at all.
10. Change your password
While we are not advocates of changing a password regularly for the sake of it, there may come a time when you want to change yours anyway, hopefully because you have come up with a much longer and more complex alternative.
To do so, click on the Edit button next to “Change Password” on the Security and Login screen.
If you’re not already using a password manager that auto-populates, you will need to re-enter your existing password, followed by your new one. Re-type the new password and then click on Save Changes.
Now that you’ve locked down your privacy and security, how about blocking troublesome people, messages and apps?
To get started, click on the arrow in the top right corner of the toolbar, click on Settings and then choose Blocking.
11. Block users
If someone is annoying you, by starting conversations you want no part of, tagging you, etc., or you simply don’t want them to be able to see your timeline, then you need to block them.
To do so, find the “Block users” section and simply add their name or email address into the box and click on the “Block” button.
12. Block messages
If you don’t wish to block someone from viewing your timeline, but do want to prevent them from messaging you, then “Block messages” is the appropriate section.
Simply type their name in the box and your mission is complete.
13. Block apps
If you have specific privacy or security concerns surrounding a Facebook-enabled app, it can easily be blocked.
Find “Block apps” and enter the name of the app to accomplish this.
From this Blocking area of Facebook, you can also block app invites, event invites and pages, all in much the same way as explained above.
14. Watch out for hoax updates and messages on Facebook
Now that your account is locked down tight, the only other areas you need to consider on Facebook are the messages you receive, and the content you see on others’ timelines.
It’s worth remembering that bad guys are always looking for a way to trick their victims into doing something that is to their advantage.
Often this can be something benign, such as liking a ridiculous post that is anything but true – celebrity death hoaxes are quite common on Facebook – or replying to a message containing fake news.
Such scenarios often don’t pose any real risk but can be incredibly frustrating, saddening or simply annoying and a good reason to use the blocking settings!
15. Beware of scams on Facebook
Alas, not all messages on Facebook are merely interesting or no more than a time sink – some do pose a real danger.
Much like with your email account, bad actors may entice you to click on a link which will take you to a website infested with malware, or to a good copy of your online banking account, from where your login details will then be stolen.
Likewise, some people will use Facebook to scam their unsuspecting victims in all manner of ways.
As ever, if a link looks dodgy, don’t click on it and remember that if something looks too good to be true, it probably is.
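What “looks dodgy” means in practice is mostly a question of which site the link really points to. The following is an added example, not part of the original article: a small Python check of a link's real host against a list of sites you trust. The trusted list, the function name and the sample links are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the sites the reader treats as genuine.
TRUSTED_DOMAINS = ("facebook.com", "messenger.com")

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (looks_ok, reason) for a link received in a post or message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed link"
    if parts.scheme not in ("http", "https") or not host:
        return False, "not an ordinary web link"
    if parts.username is not None:
        # The browser ignores everything before '@'; the real host follows it.
        return False, f"text before '@' is a decoy, real host is {host}"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "host contains non-ASCII or punycode characters"
    for domain in trusted:
        # Genuine only if the host IS the domain or a subdomain of it.
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return False, "genuine domain but unencrypted http"
            return True, f"host belongs to {domain}"
    for domain in trusted:
        # The brand name is present, but not as the registered domain.
        if domain in host or domain.split(".")[0] in host:
            return False, f"'{domain}' appears in the name but the site is {host}"
    return False, f"unknown site {host}"

# Constructed sample links (reserved .example/.test names, not real sites).
SAMPLES = [
    "https://www.facebook.com/settings",
    "https://facebook.com.account-check.example/login",
    "https://facebook.com@login.example/",
    "http://www.facebook.com/",
    "https://faceb00k-login.test/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

The part of a link that matters is the end of the host name, just before the first single slash; a familiar name anywhere else in the address proves nothing.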
Lastly, Facebook is forever changing the way it operates to protect its users so do remember that the above may change over time. If a new privacy or security feature becomes available, or you think we have missed something, please do let everyone know via the comments section below.