I see my friends yelling that their Facebook accounts were hacked and someone has started posting nude content to their friends’ walls. To keep your Facebook account safe from being hacked, you can follow these simple steps.
1. Create Strong Password
This is so obvious yet easy to neglect. Most users end up with passwords like love1234 that are too easy to guess. Always create a strong password containing mixed characters: digits, letters (both lowercase and capitalized), underscores and special symbols like @ or #. Although it might prove troublesome, it’s also good practice to create a unique password for each of your online accounts, so that if one gets hacked, not all of your accounts are compromised. To change your password in Facebook, go to Settings -> General -> Password and click Edit. The URL of this page will look like: https://www.facebook.com/settings?tab=account
2. Add your mobile number
It is one of the strongest backups for a compromised account. A confirmed mobile number added to your account will help you get notifications about suspected account activity and, most importantly, it can be used as your second layer of defense against an unrecognized sign-in attempt. To add your mobile number, go to Settings -> Mobile and click on Add a mobile number. The URL in your browser should look something like this: https://www.facebook.com/settings?tab=mobile. Provide your phone number with the correct country code selected. You will receive a confirmation code on your mobile number as an SMS. Enter it in the confirmation box and your mobile number is now verified.
3. Enable Login Alerts
With the mobile number now added, you can receive a login alert whenever someone, or even you, logs in from an unrecognized device. This alerts you when a hacker has logged into your account, so you can act instantly to change your password and take the other measures mentioned below. To enable login alerts, go to Settings -> Security -> Login Alerts and click Edit, then enable all kinds of login notifications you see under the Edit tab. The URL for the security page should be something like: https://www.facebook.com/settings?tab=security
4. Enable Login Approvals
Login approvals, just like the login approvals of Gmail, are the most secure way of preventing unauthorized access to your Facebook account. This works by sending a login confirmation code to your mobile number whenever you try to sign in from a device you haven’t used before. This layer of security sits on top of having a strong password. So even if the bad guy somehow knows your password, he cannot log in to your FB account unless he passes the login approval page (obviously, if the mobile is in his possession, this method cannot help either).
To enable login approvals, go to Settings -> Security -> Login Approvals and click Edit. Check the “Require a security code to access my account from unknown browsers” checkbox and click Save Changes.
4. Check “Where You’re Logged In”
Many people don’t realize the importance of checking their active Facebook sessions, which means all the devices and locations where their account is currently logged in. Even with all the login alerts and approvals enabled, it’s a good idea to check your active login sessions and keep only those whose authenticity you feel confident about. Once again go to Settings -> Security -> Where You’re Logged In and click Edit. The URL should look something like this: https://www.facebook.com/settings?tab=security&section=sessions&view. Examine the list of platforms on which your account currently holds an active login session: Desktop, Mobile, Facebook Messenger etc. Clicking on any of the listed tabs will reveal details like Last accessed, Location and Device type. You can end a session by clicking the End Activity link inside the expanded tab. Or you can click the End All Activity link provided under the main tab “Where You’re Logged In” to log your Facebook account out from every device and start the login process over for each of them.
5. Add Trusted Contacts
You can even rescue your hacked account by adding trusted contacts. These are friends in your Facebook account whom you can reach out to in case you are not able to log into your account. To add trusted contacts, go to Settings -> Security -> Trusted Contacts and click Edit. Add 3 to 5 trusted friends as your trusted contacts.
If you need to rescue your account because you are not able to log in, you can use this option by visiting the URL: https://www.facebook.com/login/identify. Find your account and follow the instructions to use your trusted contacts to get back into your account. You’ll receive a set of instructions that includes a URL. The URL contains a special security code that only your trusted contacts can access. Call your friends and give them the URL so that they can open the link and give the security code to you. Use the security codes from your friends to access your account.
6. Review Your Browsers and Apps
It’s very important to review the list of devices, browsers and apps recognized by your account. This includes all the devices and apps from which your account has been accessed and logged in. Facebook keeps a list of these devices, browsers and apps and won’t ask for Login Approvals or send Login Alerts for them. To see the list, go to Settings -> Security -> Your Browsers and Apps and click Edit. The URL should be: https://www.facebook.com/settings?tab=security&section=devices&view. You will see two lists of devices labelled “This device:” and “Other devices:”. “This device:” shows the name of the device you are currently logged in from. If it’s the first time you are seeing the “Other devices:” list, it’s better to remove all the devices from the list, leaving only the apps you know are authorized to access your Facebook account. This step will essentially require all the devices, browsers and apps to re-authorize access to your account. With the Login Approvals and Check “Where You’re Logged In” steps taken, this should filter out the compromised login sessions once and for all.
7. Don’t check ‘Keep me logged in’ on public devices
This seems trivial, but people are often seen checking the ‘Keep me logged in’ option on public computers or devices shared with others and then forgetting to log out, thinking that just closing the browser will log out their accounts. Unless it’s your personal computer or device, it’s better to provide your password (and, if login approvals are enabled, the SMS code) every time you log in to your account than to see some nude pictures posted on your family and friends’ walls from your account.
8. Be smart and vigilant – avoid getting trapped by phishing and spam links
Phishing links are usually links sent via email to fool the recipient into providing his login or credit card credentials. These emails tempt the recipient to open the phishing link by congratulating him on a lottery win etc. Once clicked, the link opens a page which looks remarkably similar to (or is even an exact copy of) the target account page; it can be a Facebook password change page. This way the attacker gets a copy of the secret information entered by the fooled user. To avoid getting trapped by such tricks, always check the URL in the browser before entering your sensitive information. For Facebook, it should start with https://facebook.com or https://www.facebook.com (don’t get fooled by similar text like faceb0ok.com or faceb00k.com or fbaccount.com etc). And it should have a green lock before the URL in the address bar of the browser, which shows that the connection is secure and any data shared cannot be eavesdropped on by an intruder. Never paste any code into your browser address bar. This was one of the ways Facebook pages were hacked until recently, when Facebook countered it by asking the user to provide a password confirming the change of page admin.
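The URL check described above, as an added example that is not part of the original post: it parses the address and compares the actual host rather than how the text begins, so an address that only looks right at the start is rejected. The function name checkFacebookUrl and the example.net addresses are constructed for illustration.

```javascript
// Added example. Only facebook.com and the look-alike names quoted in the
// article come from the page; the example.net addresses are constructed.
const TRUSTED_DOMAIN = "facebook.com";

function checkFacebookUrl(input) {
  let url;
  try {
    url = new URL(input); // throws when there is no scheme or the text is malformed
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Text before an "@" is login data, not the site being visited.
  if (url.username || url.password) {
    return { trusted: false, reason: "credentials embedded before the host" };
  }
  // The parser lowercases the hostname; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, reason: "host is " + host };
  }
  return { trusted: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

const samples = [
  "https://www.facebook.com/settings?tab=security", // from the article
  "https://facebook.com/login/identify",            // from the article
  "http://www.facebook.com/",                       // right host, no TLS
  "https://faceb0ok.com/login",                     // look-alike named in the article
  "https://fbaccount.com/",                         // look-alike named in the article
  "https://facebook.com.example.net/login",         // constructed: right prefix, wrong site
  "https://facebook.com@example.net/",              // constructed: host is example.net
  "www.facebook.com",                               // no scheme at all
];

for (const s of samples) {
  const r = checkFacebookUrl(s);
  console.log((r.trusted ? "OK    " : "REJECT") + "  " + s + "  (" + r.reason + ")");
}
```
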
9. Install an Antivirus program
Although the above measures will almost ensure the security of your account, it is nonetheless important to keep your machine free of viruses, malware and trojans. A good antivirus will give you peace of mind while typing your password, and any sensitive information in general, that no keylogger is logging your keystrokes and sending them to a hacker. It will also help you keep at bay many of the spamming agents responsible for spam links being posted to Facebook walls.
If you do follow all these steps, your Facebook account’s security is highly unlikely to be compromised. Let me know your comments 🙂 Thanks