Here we walk you through the important settings you can change and behaviors you can implement to lock down your privacy on the social network.
Note: To change many of the settings below, Facebook will ask you to input your password. It’s a good reminder that if your password isn’t strong or unique to the site, now is the perfect time to change it!
Enable 2FA
If you only do one thing on the list in this article, do this: enable two-factor authentication (2FA). This means someone trying to break into your Facebook account needs more than just your password, they also need a second token that you own, be it a code or a physical key. The chances of someone having this in their possession are pretty small, so this step will stop most intruders in their tracks.
Facebook will walk you through the steps to enable 2FA on your account to help you get set up. You have a few options available to you for how you want to authenticate: you can choose to use a code sent to you by text message, which is easiest but not completely secure, or to use a code generated by an authenticator app on your phone, which takes a little more setup work.
If you’re really savvy and browsing using the website on a computer, Facebook also supports U2F keys like YubiKey, which is a physical key you plug into your computer’s USB port as your authentication token.
How to do it on your desktop: Go to your Facebook Settings and select Security and Login from the menu on the left. Next to Two-Factor Authentication click Edit and then Get Started.
How to do it in the app: Open Privacy shortcuts from the hamburger menu in the bottom left. Scroll down to the Account Security section and tap Use two-factor authentication. Choose whether you want to set up SMS 2FA or use an authenticator app.
You can turn on 2FA for your account from either the website or the app, you don’t have to do it in both places.
Get login alerts
If someone does manage to get into your Facebook account, you’ll want to know about it as soon as possible. If requested, Facebook can alert you to any strange-seeming logins to your account. You can be alerted via email, text message, Facebook message or even a Facebook in-app notification. It’s a little peace of mind and a very simple measure to set up.
How to do it on your desktop: In your Facebook settings, select Security and Login and scroll down to Setting up Extra Security. Hit the Edit button on Get alerts about unrecognized logins and customize how you’d like to be notified.
How to do it in the app: Open Privacy Shortcuts from the hamburger menu in the bottom left. Scroll down to the Account Security section and tap Receive alerts about unrecognised logins.
Check your connected apps
That quiz you took years ago about your star sign that you promptly posted and forgot about? All these years it’s had permission to see your profile, posts, and friends’ posts into perpetuity, so why does it still have this access?
You could have any number of apps like this quietly sniffing your information in the background. There’s an easy way to check what apps you might still have enabled, and disable them if you like. It’s best to have as few apps enabled as possible – and definitely remove permissions for any apps that you don’t recognize or remember using.
How to do it on your desktop: In your settings, go to Apps and Websites. Check the apps in your Active and Expired categories and remove any or all of them.
How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to the Security section and tap Apps and Websites. Open Logged in using Facebook and check the apps in your “Active” and “Expired” categories and remove any or all of them.
Note, there is also a Business Integrations section, separate to Apps and Websites, that you might want to check for connected services too.
Be discriminating in how people find and contact you
The whole idea of Facebook is to reach out to friends and family and grow your network, but spammers and fake profiles seem to be some of the most enthusiastic users of the platform lately.
If you’re tired of getting suspicious Facebook friend invitations, or would rather not invite the risk of getting a phishy or malicious link on your Facebook wall, be discriminating in who you befriend. We suggest limiting who can contact and find you on the platform to “Friends of friends,” and to limit email and phone lookups to “Friends of friends” as well.
How to do it on your desktop: In settings, select Privacy. Modify your preferences for how you can be found on Facebook under the How people can find and contact you section.
How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to the Privacy section and hit Privacy settings. Scroll down to How people can find and contact you.
Call for backup: Choose friends to help if you’re locked out
If you’ve had issues in the past with your account being compromised – say if you’re a public figure or just very unlucky – Facebook has an option to let you select three to five people in your friends list who you can call on to help you gain control over your account if you’re ever unable to log in (say, because someone else has locked you out.)
This is not a feature that everyone will need, so if you don’t think it’s going to be that big a deal if you’re locked out of your account, feel free to skip this one. But if Facebook is your primary means for earning a living, or communicating with customers or your fanbase, this setting is worth your consideration.
The people you choose to be your backup – which Facebook calls your “trusted contacts” – should be people you know will be tech-savvy enough to know how to help you quickly (so, ideally someone who knows how to use a smartphone), and they should also know ahead of time that you’re choosing them to be a trusted contact, as Facebook will notify them that you’ve tapped them for this ‘honor’.
At no point will any of your trusted contacts have access to your Facebook account personally, nor will they be able to commandeer it at any time – they will be able to send you a code and a URL to help you log back into your account in case of an emergency.
How to do it: In Settings, go to Security and Login and scroll down to Setting up extra security. Hit edit on Choose 3 to 5 friends to contact if you get locked out and follow the instructions.
How to do it in the app: Open Settings from the hamburger menu in the bottom left. Under Security, tap Security and login and scroll down to Setting up Extra Security. Hit Choose 3 to 5 friends to contact if you are locked out.
Face recognition and tag privacy
Facebook maintains that it has face recognition capabilities for our own benefit – so we can know if we’re in a photo but haven’t been tagged, and someone can’t impersonate us by using our profile photo (we’re wise to your tricks, spambots!). But many of us also find this kind of tech creepy and intrusive. If you don’t want Facebook to proactively find you and identify you in photos, you can disable face recognition.
How to do it on your desktop: In Settings, select Face Recognition and then choose No.
How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to Privacy and open Face recognition. Select No.
Note that face recognition isn’t the same as when people you know tag you in photos. If you don’t want people to tag you in photos or posts without your approval first, there’s another setting you’ll want to enable.
How to do it on your desktop: In Settings, go to Timeline and tagging and then choose On for both options in the Review section.
How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to Privacy and open Timeline and tagging. Scroll down to Review and ensure both are set to On.
Keep your posts friends-only
You wouldn’t leave your front door open all the time. Why make the details of your personal life open and public for all the cybercriminals in the world to mine? Leaving your posts all public-facing is a gold-mine for criminals looking for details to try and guess security questions, or impersonate you to scam friends or family.
There’s a really easy solution here: Keep your Facebook posts out of the public eye and make the default privacy level friends-only. That way only the people you have approved and friended can see what you’re up to.
How to do it on your desktop: In settings, select Privacy. Under Your Activity set Who can see your future activity? to Friends, and click Limit past posts to retroactively make all your previous posts Friends-only as well.
How to do it in the app: Open Settings from the hamburger menu in the bottom left. Scroll down to Privacy and open Privacy settings. Under Your Activity set Who can see your future activity? to Friends, and also go back a step and turn on Limit who can see past posts too.
Be discriminating in what you do
Unfortunately, the risks to Facebook users are no longer just from external forces trying to break their way into your account. Unfortunately, we’ve learned in the last year or so that there have been a few Facebook-approved data miners, like Cambridge Analytica, that were given unfettered access to what Facebook users were up to behind the garden walls.
So the steadfast internet advice applies here as anywhere: Mind what you post, and remember that the internet is forever. Even content you post behind the friends-only filter on Facebook is not an ironclad guarantee of privacy, so use discretion and if your gut is telling you to not hit that “post” button, it’s best to listen.