If you haven’t read part one of our Facebook privacy blog, it wouldn’t hurt for you to go back and read that one first. Today, we will be building off of that blog, teaching people how to properly configure their accounts to give them the best chance to lock down their private information.
Of course, Facebook, being one of the predominant web-based services in the world, has a checkered history when it pertains to individual’s privacy. In fact, I think a fair share of its ongoing troubles when it comes to individual privacy have a lot to do with their overwhelming success.
Therefore, knowing how to protect yourself by taking control of your personal information on Facebook is a good start. Today, we provide an excellent starting point for anyone who doesn’t understand Facebook’s privacy settings, and who hasn’t used two-factor authentication yet.
Let’s get started by logging into Facebook on a computer, not a mobile device.
Once you’ve logged into Facebook.com, you’ll want to click the little down arrow on the top right of the page. In that menu click on Settings. This can get a little confusing, so if you ever need to start from the beginning know that using the little down arrow can bring you back.
Firstly, you will want to make sure that you own and control all of the email accounts tied to your Facebook account. If you used an old email address (that you can’t get into), you’ll have a hard time getting back into the account if something were to happen.
Click Security and Login on the right.
Facebook will show you all of the devices you are currently logged into. Some of these will be a surprise. It will show you where your device was last used, the device that was used, and the browser type if applicable. You’ll want to think about all the devices you’ve accessed your Facebook on before jumping to the conclusion that you’ve been hacked. The longer you have been an active user, the more devices you’ve accessed your Facebook on; and, if you haven’t logged out of the account on that device it will show up here.
If you do see something suspicious, change your password (directions below). From this screen you can also log any device out of your Facebook account by selecting the three-dot icon that corresponds to the device in question. It’s a good idea to keep your Facebook profile logged out on devices you don’t actively use.
While there--especially if you think any of these devices are remotely suspicious--change your password. It won’t take long to do it and you will wish you did the minute your Facebook friends are getting spammed with phishing messages.
To accomplish this, just click on the down arrow on the top right of Facebook, going to Settings, and clicking Security and Login.
It is important to never use the same password for two different accounts online.
Underneath the password options are the settings on how to set up two-factor authentication (2fa). This feature adds additional security to your account in the manner of adding a separate device. Select Use two-factor authentication and click edit. Facebook will take you to a page that walks you through setting it up. From there, click Get Started.
You will be given two Security Methods. Before choosing an option, you should understand both.
Option 1 - Authentication App - This option will allow you to use a third-party app to authenticate your identity as the owner. Popular authentication apps include Google Authenticator, Last Pass Authenticator, or Duo Mobile. Using the authentication app option is a bit more secure, but it does require you to have access to the mobile device that the authenticator app is installed on.
To set this up, open your authentication app on your mobile device. It makes the most sense to use the authenticator app that you use for other accounts, but if you don’t have one, and you have a Google account, use Google Authenticator.
Then, from Facebook on your computer (see the above screenshot), select Authentication App and click Next.
Facebook will present you with a QR code to scan. In your Authenticator App, add a new account (typically there is a + icon to tap) and scan the QR code. Once scanned, the app will generate a 6-digit number to use. Facebook will ask for a Confirmation Code. Type in the six-digit number and you’ll be set.
Option 2 - Text Message - The second option sends a code via text message to your mobile device. Make sure that you enter the correct number. This method may not be as secure as using an authentication app, but for practical purposes it will do.
Configuration is simple. Once you have chosen Text Message and click Next, Facebook will text you a code. Type that code into Facebook and voila, you are in.
Depending on the option you choose, Facebook will walk you through the next steps to verify and enable two-factor.
Add a Backup
One you’ve successfully set up two-factor authentication, Facebook will provide you with an option to Add a Backup. If you choose to set up two-factor with an Authentication App then Facebook will allow you to set Text Message 2FA as a backup, and vice versa. It’s not a bad idea to set up the other method as well, just in case.
Nowadays, a lot of online accounts offer 2FA. Some of the most recognizable ones will give you a backup option to get into your account if your primary 2FA account isn’t available.
Facebook also lets you grab Recovery Codes (Google also does this, so if you have a Google account or use Gmail, it’s a good idea to get all of this set up over there as well).
Back on the Two-Factor Settings page, under Add a Backup, there is an option for Recovery Codes.
Click Setup, and Facebook will pop up a window telling you about recovery codes and click Get Codes.
At this time, Facebook will provide you with 10 recovery codes. You can use them in an emergency to get back into your account. These codes are just single use 2FA codes, so you’ll need to know your password and one of these codes to get back into your account. Since these codes can only be used once, you can request 10 new codes at any time by returning to the Two-Factor Settings page. Keep these codes in a safe place to ensure your account isn’t accessed by anyone else.
If you go back to the Security and Login area of the settings menu, scroll down to Setting Up Extra Security.
This area allows you to set alerts when a new device or browser is used to log into your Facebook. The menu allows you to define additional email addresses. You can also have those notifications sent to you via Facebook Messenger, SMS, or as a Facebook notification.
Below that option, you can choose 3 to 5 Friends to Contact if you get locked out of your Facebook account. If you choose to configure this option, you’ll want to ensure that you only give people you trust, and who cares about their own security access. If you don’t have that, it’s okay to turn off this option.
This is a lot, but setting up two-factor authentication and having control over who can access your Facebook account will go a long way toward securing your experience. Our suggestion is to use multi-factor authentication where you can to keep your identity secure online.
Check back for part three of our Facebook privacy series and leave any thoughts you may have in the comments section below.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.