Facebook Privacy & Security Guide: Everything You Need to Know [Updated]
The complete guide to Facebook security, so you can master your profile’s safety
Facebook grew in the past years to become the largest online social network in the world.
It spread so much that even our parents, neighbors and distant relatives, even from remote areas of the country, now constantly use it.
It’s the place where everybody is active, from friends, family, work colleagues, old school friends to politicians, law enforcement departments and strangers who simply decided to add us as their friends.
The problems appear when the distinction between public and private space becomes blurred. Without a clear understanding of our security and privacy settings, we may end up victims of identity theft, phishing attacks or other malicious actions.
Where do we stand when it comes to our private and public persona?
Is there a way to be out there with everybody and, at the same time, keep sensitive information as safe as possible?
How do we enhance our privacy on the biggest network of the moment?
Let’s find out:
Here’s how to tweak your Facebook account’s Security Settings
Start by accessing your Facebook account settings.
To do this, log into your Facebook account and go to the top right corner of the screen and select “Settings” from the drop-down menu.
We’ll take each section and discuss it separately before we continue to the next one, as they appear in the Settings menu.
1. General Account Settings
From there you’ll be able to reset your Facebook password. At the risk of sounding like an annoying parent, we just have to repeat why it’s important to set a strong and unique password:
Strong: so that nobody with malicious intentions will be able to guess it.
That means no easy and common passwords, no family names (your cat counts as a family member), no nicknames, no birth dates, no favorite songs or movies or mottos, no nothing that can easily be found out about you.
Unique: because if one of your accounts is breached, all your other accounts where you used the same password will end up compromised. It doesn’t even have to be your fault.
You might have heard of the recent mega breach that compromised more than 600 million social profiles (and if you didn’t get the chance, here are all the scary details).
After you’ve set up the password, you’ll need to activate the Two-Factor Authentication as a second layer of protection, but we’ll get back to this matter later.
Ok, back to the General Account Settings. From the same location you can also download a copy of your Facebook data.
This includes your Timeline info, shared posts, messages, photos, ads you have clicked on, the IP addresses where you’ve logged into your account, and more.
2. Security Settings
We continue to the Security Settings.
From here you’re able to set:
This option allows you to receive Text and Email messages whenever your account is accessed from a new computer or mobile device. This one’s extremely useful in case someone else tries to access your account.
Activate this option and use it together with the following one.
“Login approvals” is the name given by Facebook to Two-Factor Authentication.
By activating this option, the network will require you to authenticate with a second security code every time you want to access your account on a new browser or device.
This works as a second layer of protection, besides your password. The second passcode is unique and time-sensitive, which makes it much harder to compromise.
You have three options:
- A security code sent by SMS to your mobile device;
- Generate a security code using Code Generator from your Facebook mobile app;
- 10 pre-generated codes that you can print on a piece of paper and use whenever your phone network isn’t available.
I just have to add that this is one of the most efficient ways to secure your account, so please activate it now. Hopefully, Facebook will activate it and make it default for everybody real soon.
Use this option together with Login Approvals to create new authentication codes. You’ll use these to access your Facebook account from a new device.
This option helps you create single use passwords in order to access third-party apps on Facebook and keep your main password safe.
When you log out of the app, the password will not be saved. To access the app again, you’ll need to generate a new, single use password.
From this place you’ll select your close friends that will help you in case you ever have trouble accessing your Facebook account.
Your Browsers and Apps
This is where you can review the web browsers and apps you saved in order to access your Facebook account without confirming your identity.
If you don’t recognize or you don’t use one of them anymore (a former workplace or sold mobile phone, for example), disconnect it from here.
Where You’re Logged In
Use it together with the “Trusted Browsers” feature. Review your logged-in status from here and end activity for any device or place that you don’t recognize.
Deactivate Your Account
In case you ever grow tired of Facebook, from this place you can choose to temporarily deactivate your account.
Some information will still be available to others, such as your name in their friends list, or the messages you exchanged.
You should know that this option doesn’t permanently delete your account and you’ll be able to reactivate it at any time you want.
However, if you’re serious and you want to permanently delete your account, you can do that from here. Keep in mind that it may take up to 90 days before the deletion process begins. You might also want to consider downloading an archive of your data beforehand.
3. Privacy Settings
The next area that you need to access is the Privacy Settings and Tools one. From here you’ll be able to tweak basic privacy settings and make sure that your past and future posts won’t be seen by intruders.
Who can see my stuff?
From here you can control the privacy of future posts. Select the appropriate audience for your future posts. You can share them with:
- Public (if you want everybody to see them)
- Friends with Acquaintances
- Only Me
- Custom Audience (if you use Friends Lists)
It’s recommended that you set the default sharing option to Friends. Unless you manually change it, Facebook will remember this option and post all your future statuses as only available to your Friends.
From the same location you can also review your activity by using the Activity Log.
Keep in mind that even if you choose to hide a post or photo from your Timeline, the post or photo will still be uploaded online. From there on, you can either choose to Remove Tag or even Request the post to be deleted.
And one last feature available in this section: “Limit the Audience for Old Posts on Your Timeline” – guess this is pretty much self-explanatory, right? By using this tool, all the audience for the content from your timeline will be changed.
Who can contact me?
From here you can choose who’s able to send you friend requests.
If you want to be added as a friend by anyone in the world, even if you don’t have any connections in common, you need to set this option to Everyone.
Who can look me up?
In this place you can choose if you want people to find you using your email address or phone number.
From here you can also select if you want search engines, such as Google or Bing, to index your profile and link to it. If you deactivate this setting, your profile will be found only by people searching for your name directly on Facebook.
4. Timeline and Tagging Settings
Next in line: Timeline and Tagging Settings. This place allows you to set other privacy settings, such as who can post to your timeline, timeline visibility and tagging.
We’ll discuss each separately.
Who can add things to my timeline?
This one is pretty straightforward. You can choose who can post on your timeline – if you also hate birthday wishes from unknown people who choose to post on your timeline, select “Only Me” instead of “Friends”.
From here you can also choose to review the posts you were tagged in by your friends before they appear on your timeline. Enable this option to keep spammy or phishy posts away.
Don’t forget that these posts will remain online and still appear in Facebook’s search or news feed. You’ll have to manually remove each tag or even ask the friends who uploaded them to delete them.
Who can see things on my timeline?
This option will help you review what other people see when they look over your profile.
From here you’ll be able to see what your Timeline looks like to the public (to users who aren’t connected to you in any way), to your Friends or even to a specific person.
You can use this last feature in case you ever choose to hide a post from specific people and you want to see what it looks like when they look over your profile. Let’s say that you want to throw a birthday surprise party for your dad: in this case, you can write a post where you announce the event. Before you post it, you can choose to share the post with a Custom Audience (a specific list of Friends), specific Friends (if you want to manually add their names) or NOT share it with specific Friends (anyone you include here won’t be able to see that post unless you tag them).
From here you can also select who can see posts you’ve been tagged in on your timeline and who can see what others post on your timeline.
How can I manage tags people add and tagging suggestions?
If you activate the option to “Review tags people add to your own posts before they appear on Facebook”, you’ll be able to check and approve those tags. This way, when someone adds a tag to one of your posts, you’ll be asked to review it before it appears on Facebook. This is an option for tags added by friends. If someone who’s not your Facebook friend adds a tag to one of your posts, you’ll always be asked to review it.
Another setting from here: when you’re tagged in a post, who do you want to add to the audience if they aren’t already in it? Choose “Friends” if you want them to see the post you were tagged in, “Only Me” if you don’t want your friends to see it, or you can create a custom audience.
From the Blocking tab you can restrict the way in which other Facebook users, apps or pages interact with you.
Here’s what exactly you can set from here:
This option is probably extremely popular among kids who don’t want their parents to see what they post, but they still want them to be friends on Facebook.
Here’s how it works: if you want to restrict a friend from seeing anything that you post, you add them to this list. They’ll still be able to see your public posts, and those in which you are both tagged or in which a mutual friend was tagged, but that’s it.
Facebook won’t notify them when you add them to this list, so they won’t know. 😉
Block users, app invites, event invites
In case you want to get rid of annoying users, games or events, this is the place to go.
From here you’ll be able to:
- Block users you don’t want to see your Facebook profile, add you as a friend, see what you comment on other profiles or pages or send you any kind of invitations (events or groups).
- Block someone from sending you messages and video calls. Yes, this one’s separate from the first option. Unless you also block their profile, they’ll still be able to post on your Timeline, tag you, and comment on your posts.
- Block those annoying game invitations (hit ‘em hard!).
- Block a page – they won’t be able to interact with you anymore, with your posts or like or reply to your comments. If you currently like that page, by blocking it you will unlike it and unfollow it.
- Block any other kinds of app invites from someone.
- Block event invites from someone – this way, you’ll automatically ignore future event requests from that friend. Use this for those PR people from your list, who try to exploit you by sending you all kinds of irrelevant event invites.
From the Mobile section you can enter your mobile phone number (or numbers). You’ll use it when you activate Login Approvals and need to receive the unique code for the second factor authentication.
This is also the place where you can activate text messaging. Facebook Texts are not currently supported in all countries or by all mobile service providers, but you’ll have a list here.
7. Follower Settings
The Follower tab also has a few important privacy settings. From here you can:
- Choose who can follow you. Friends follow you and your posts by default, once you add them to your friends list, but you can also allow people who are not your friends to follow your public posts.
- Choose who can comment on your public posts. In case you want to somehow keep weird users away (or at least not have them interact with you and your friends).
This one is among the most important privacy settings for your Facebook account.
The Apps section shows you what third-party apps you connected in the past, such as:
- Other social media apps (Instagram, for example);
- Other social media websites (Medium, for example);
- Any other kind of apps or websites where you connected with your Facebook account.
Keep in mind that all these external apps can access all the tons of data collected by Facebook about us.
Review what permissions you gave to each of those apps and if they are allowed to post on Facebook on your behalf (and to what audience).
Decline any kind of intrusive apps and permissions allowed in the past. Disconnect any apps that you don’t remember giving access to or that you don’t use anymore. All those are potential vulnerabilities to your security and privacy.
For more details on how to master app permissions, you can read the security guide from my colleague, Andra.
Do you want to allow third party sites access to your personal information? Do you want Facebook telling your friends what you like? If you want to opt out of these two options, simply select “No” or “No one” for them.
A few more tips and tricks to enhance your Facebook security & privacy
You may be targeted by online scammers who want to collect data about users by creating fake Facebook profiles.
Also, if you ever have enough time, do a clean-up of your friends list and remove anybody you don’t know or never interacted with.
If you have way too many friends, you can also try this technique: every day, look at the birthdays and remove anyone you don’t recognize, instead of wishing them a happy birthday. 🙂
Trust me, you’ll regret it.
Even if they are your best friends now and you can’t imagine your life without them, you never know how your relationship is going to evolve.
All that information can end up being used against you (seen that happen way too many times by vengeful ex employees, ex lovers or friends who felt betrayed).
This also goes for your plugins and add-ons, but also your operating system.
Keep them patched and up to date, in order to close all the security holes. It will help you reduce the chances of a cyber attack that exploits those vulnerabilities.
A multi-layered security system will help you keep cyber attackers away.
Start by installing a good, trustworthy antivirus (if you don’t already have such a thing).
You can also reinforce your security system with traffic filtering software that works in a proactive way and blocks second generation malware (such as ransomware attacks). And yes, Heimdal is that kind of software.
Pay attention to the various messages you receive from users asking for your personal data.
Follow the previous link for a guide that exposes them and also gives tips on how to stay safe.
In case you have to connect to Facebook from a different computer, one normally used by other persons, don’t forget to log out of your account at the end of the session.
When a website becomes popular, you can bet that scammers will be there, somehow trying to take advantage of it. Facebook is no exception to that, as it is the most popular social network in the world.
The Facebook team works hard to keep you safe and secure, but they can’t control everything.
Contribute actively to the community.
Seen any scams or phishing attempts? Don’t let them pass unreported.
Noticed anything weird? Report it.
Spotted a copyright infringement? Please do contact the Facebook support team and let them know.
We would also like to know what the main security and privacy issues you have encountered on Facebook so far are.
Please comment below and we’ll try to help you as much as we are able to (or at least redirect you to someone else who can help you out with your issue).
* This article was initially written and published by Aurelian Neagu, in October 2014, and brought up to date by Cristina Chipurici, in June 2016.