How to Secure Your Facebook Account
Quick Take
Your Facebook account holds a treasure trove of personal information that identity thieves would love to access — your full name, birthday, location, family connections, and often your phone number and email address. The good news? You can lock down your Facebook account in about 20-30 minutes using Facebook’s built-in security features.
This guide walks you through enabling two-factor authentication, reviewing privacy settings, checking for suspicious activity, and setting up alerts so you’ll know immediately if someone tries to access your account. When you’re done, you’ll have multiple layers of protection between criminals and your personal information.
Before You Start
What You’ll Need
- Access to your Facebook account and password
- Your mobile phone for text verification
- About 20-30 minutes of uninterrupted time
- A pen and paper to write down backup codes
Why This Matters for Your Identity Security
Facebook accounts are goldmines for identity thieves. Your profile likely contains your full name, birthday, hometown, family members’ names, and photos — exactly the kind of personally identifiable information (PII) criminals use to answer security questions, apply for credit, or convince others they’re you.
Beyond the personal details, a compromised Facebook account becomes a launching pad for attacks on your contacts. Criminals use hijacked accounts to send phishing messages that look like they’re coming from a trusted friend, making people more likely to click malicious links or share sensitive information.
The most important step you’ll take today is enabling two-factor authentication — this single action blocks the vast majority of account takeover attempts, even if someone gets your password.
Step-by-Step Instructions
Step 1: Access Your Security Settings
- Log in to Facebook using your computer or mobile browser (avoid the app for these settings — you’ll have better access to all options)
- Click the down arrow in the top-right corner of any Facebook page
- Select “Settings & Privacy” then “Settings”
- Click “Security and Login” in the left sidebar
You’ll see a dashboard showing your recent login activity and security options. This is your command center for locking down your account.
Step 2: Enable Two-Factor Authentication
Two-factor authentication (2FA) means Facebook will ask for both your password AND a code from your phone when someone tries to log in. Even if criminals steal your password, they can’t access your account without your phone.
- Find “Use two-factor authentication” and click “Edit”
- Choose “Text message (SMS)” for the easiest setup
- Enter your mobile phone number when prompted
- Check your phone for a verification code and enter it on Facebook
- Click “Turn On” to enable 2FA
Write down your backup codes! Facebook will show you a list of one-time backup codes. Print these or write them down and store them somewhere safe. If you lose your phone, these codes are your only way back into your account.
Gotcha to watch for: If you don’t receive the text code within a few minutes, click “Didn’t get a code?” Facebook can call you instead or send the code to an email address you’ve already verified.
Step 3: Review Active Sessions
This shows you every device and browser currently logged into your Facebook account. Look for anything you don’t recognize.
- Scroll to “Where You’re Logged In”
- Review each active session — you’ll see device type, location, and last activity
- Click “Log Out” next to any session you don’t recognize
- If you see suspicious activity, click “Not you?” and follow Facebook’s steps to secure your account
What to expect: You might see multiple entries for the same device (phone app, mobile browser, etc.). That’s normal. Focus on unfamiliar locations or device types you don’t own.
Step 4: Set Up Login Alerts
Facebook can notify you every time someone logs into your account from a new device or browser.
- Find “Get alerts about unrecognized logins”
- Click “Edit”
- Turn on notifications for both email and Facebook notifications
- Save changes
Now you’ll get an alert whenever someone (including you) logs in from a new device. If you get an alert for a login you didn’t make, change your password immediately.
Step 5: Review and Restrict Your Privacy Settings
Identity thieves mine Facebook profiles for personal details. Let’s limit what they can see.
- Go back to main Settings, then click “Privacy” in the left sidebar
- Set “Who can see your future posts?” to “Friends” (not Public)
- Set “Who can send you friend requests?” to “Friends of friends”
- Click “Limit Past Posts” if you want to make all your old public posts visible to friends only
Step 6: Limit Profile Information Visibility
- Go to your Facebook profile by clicking your name
- Click “About” below your profile picture
- Review each section (Contact Info, Basic Info, etc.) and click the privacy icon next to sensitive details
- Set your birthday to “Only me” or “Friends” — never Public
- Set your phone number and email to “Only me”
- Limit or hide your hometown, current city, and relationship status
Key principle: If you wouldn’t want a stranger to know this information about you, don’t make it public on Facebook.
Step 7: Review App Permissions
Third-party apps connected to your Facebook account can access your personal information. Many people have dozens of forgotten apps with broad permissions.
- Go to Settings > Apps and Websites
- Review the list of active apps
- Click on any app you don’t recognize or no longer use
- Click “Remove” to disconnect apps you don’t need
- For apps you keep, click “View and edit” to limit what information they can access
Common apps you might find: Old games, quiz apps, music services, or shopping sites. If you haven’t used an app in months, remove it.
Verify It Worked
Confirming Two-Factor Authentication
- Log out of Facebook completely
- Try logging back in — you should be prompted for both your password and a code from your phone
- Check your phone for the text code and enter it
- If you successfully log in with 2FA, it’s working correctly
Checking Your Security Dashboard
- Return to Settings > Security and Login
- Verify you see “On” next to “Use two-factor authentication”
- Check that login alerts are enabled
- Review your active sessions — you should only see devices and locations you recognize
Common Issues and Fixes
“I’m not receiving 2FA text codes”
Try this: Go back to your 2FA settings and click “Choose another way to authenticate.” Select “Authentication app” and use Google Authenticator or Microsoft Authenticator instead of text messages. These apps work even without cell service.
If that doesn’t work: Check that your phone number is entered correctly and that you can receive other text messages. Some carriers block automated messages — contact your carrier to ensure Facebook texts aren’t blocked.
“I see a login from a location I don’t recognize”
Don’t panic immediately. VPNs, work networks, and mobile carriers can make your location appear different. Ask yourself: Were you traveling? Using public Wi-Fi? Connected to a work VPN?
If you’re sure it wasn’t you: Change your password immediately, log out all sessions, and enable 2FA if you haven’t already. Consider running antivirus software on any computers you use for Facebook.
“I lost my phone and can’t get into my account”
Use your backup codes. Remember those one-time codes you wrote down? Enter one of those instead of the text code. Each backup code works only once.
If you didn’t save backup codes: You’ll need to contact Facebook support. Go to facebook.com/hacked and follow their account recovery process. This can take several days, which is why saving backup codes is crucial.
“The app permissions section is overwhelming”
Start simple: Remove anything you definitely don’t use anymore. For the rest, focus on limiting these permissions: access to your email address, friend list, and posts. Most apps don’t need this information to function.
When in doubt, remove it. You can always reconnect an app later if you need it. It’s better to be overly cautious with your personal information.
What to Do Next
Make This Part of Your Routine
Check your Facebook security settings every 3-6 months. Set a calendar reminder to review active sessions, app permissions, and privacy settings. Your digital life changes, and your security should evolve with it.
Secure your other social media accounts using similar steps. Instagram, Twitter, LinkedIn, and TikTok all have comparable security features. Apply the same principles: enable 2FA, limit public information, and review app permissions regularly.
Strengthen Your Overall Identity Security
Use a password manager to create unique passwords for every account, including Facebook. Popular options include 1Password, Bitwarden, and Dashlane. Never reuse your Facebook password elsewhere.
Consider a credit freeze to prevent criminals from opening new accounts in your name, even if they gather personal information from social media. You can freeze your credit for free at all three bureaus: Equifax, Experian, and TransUnion.
Sign up for identity monitoring that includes dark web scanning. This watches for your personal information being sold in criminal marketplaces and alerts you to potential identity theft before it impacts your credit or finances.
Educate Your Family
Help your family members secure their accounts too. Identity thieves often target multiple family members, using information from one person’s social media to attack others. Consider making this a family activity — everyone secures their accounts together.
Talk to older relatives about Facebook scams. They’re frequent targets for fake friend requests and phishing messages that appear to come from family members in trouble.
Frequently Asked Questions
Should I use Facebook’s mobile app or browser for security settings?
Use a computer browser when possible for security settings. The mobile app sometimes doesn’t show all available options, and it’s easier to review detailed settings on a larger screen. Once you’ve configured everything, the mobile app is fine for daily use.
How often should I change my Facebook password?
Change your password immediately if you suspect it’s been compromised, but you don’t need to change it regularly if you’re using 2FA and a strong, unique password. Focus on using a password manager to ensure your Facebook password isn’t used anywhere else.
Is it safe to use Facebook login for other websites?
It’s generally safer than creating new accounts with weak passwords, but create dedicated accounts for sensitive services like banking, healthcare, or work-related platforms. If your Facebook account gets compromised, you don’t want criminals accessing your other important accounts too.
What should I do if someone creates a fake Facebook profile using my information?
Report the fake profile to Facebook immediately using their impersonation reporting form. Take screenshots of the fake profile before reporting it. Consider alerting your friends and family so they don’t accept friend requests or respond to messages from the imposter.
How do I know if my Facebook data was included in a breach?
Facebook will notify users directly if their data is involved in a breach, but you should also monitor your accounts regularly for suspicious activity. Identity monitoring services can alert you if your information appears on the dark web or in criminal marketplaces.
Conclusion
Securing your Facebook account isn’t just about protecting your social media — it’s about protecting the personal information that identity thieves use to steal your identity and target your family. The 20-30 minutes you’ve just invested in enabling two-factor authentication, reviewing privacy settings, and limiting app permissions creates multiple barriers between criminals and your personal information.
Remember that identity security is an ongoing process, not a one-time task. Social media platforms update their features regularly, criminals develop new tactics, and your own digital habits evolve. Set a calendar reminder to review these settings every few months, and consider extending these same security practices to your other online accounts.
While these steps significantly improve your Facebook security, comprehensive identity protection requires monitoring across all your personal information — not just social media. IdentityProtector.com helps individuals and families stay ahead of identity threats with easy-to-understand monitoring, real-time alerts when your information is found in breaches or on the dark web, credit monitoring across all three bureaus, and hands-on recovery assistance from identity theft specialists.