4 ways to lock down your Facebook account beyond just a strong password

Facebook is an integral part of your identity, memories, and livelihood, even if you no longer use it. Yet, most people rely on a password to keep their account safe. Passwords can be guessed, stolen, or phished. If someone gets access to your Facebook account from your Android phone or laptop, they can scrape personal data, scam your friends, or take over your linked business pages.

Facebook provides tools to protect your account. However, it doesn’t do the best job of surfacing them. Here are four powerful ways to secure your Facebook account that go beyond the password.

4

Turn on two-factor authentication the right way

SMS is not enough. Use an authenticator app or security key

Two-factor authentication (2FA) is your first real line of defense, but most people stop short by using SMS-based codes. That’s better than nothing, but it’s still vulnerable to SIM-swap attacks or your phone getting stolen. Instead, set up app-based 2FA through a service like Google Authenticator or Authy. If you want to take it a step further, use a physical security key, such as YubiKey. These methods are more secure and can’t be intercepted remotely.

Physical security keys work by plugging into your phone or computer, verifying your identity on the spot. Unlike codes that can be intercepted or stolen, these keys require your physical presence. You can find them on Amazon or the manufacturer’s website. When set up, they work with other services like Gmail or Dropbox.

To enable two-factor authentication, open the Settings and Privacy menu and select Settings. Then, select Password and security and choose Two-Factor Authentication. From here, choose the option that works best for you. Download your backup codes and store them in a safe place. That way, if you lose access to your phone, you’re not locked out of your account.

3

Check your active sessions regularly

Someone could be logged in right now, and you’d never know

Facebook quietly tracks every device and browser that’s logged in to your account. This is your chance to spot anything suspicious. Visit Settings & Privacy > Settings > Security and Login, under which you’ll find the Where You’re Logged In setting. You’ll see a list of devices, along with time stamps and locations.

See something you don’t recognize? Log it out immediately and change your password to be safe. It’s also smart to clear old sessions from devices you no longer use. Maybe you logged in on a friend’s laptop or a work computer. If you forgot to log out, you’re still signed in, and that’s a risk.

If you travel or use VPNs, you may see unfamiliar locations even for your own sessions. In that case, look for unknown devices or operating systems instead of just locations. Anything that doesn’t match your usual patterns is worth investigating.
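The review described above can be written down as a small triage routine. This is an added example, not part of the original article or any Facebook tool; the row format, field names, and the 90-day staleness threshold are assumptions, and the sample rows are constructed.

```python
from datetime import date

# Constructed sample rows, copied by hand from the "Where You're Logged In" list.
# Field names are assumptions for this example, not a Facebook export format.
SESSIONS = [
    {"device": "Pixel 8", "os": "Android", "location": "Austin, US", "last_active": "2025-05-01"},
    {"device": "Pixel 8", "os": "Android", "location": "Frankfurt, DE", "last_active": "2025-04-28"},
    {"device": "ThinkPad", "os": "Windows", "location": "Austin, US", "last_active": "2024-11-02"},
    {"device": "Unknown PC", "os": "Linux", "location": "Austin, US", "last_active": "2025-04-30"},
]

# Devices you own or have used, as normalized (device, os) pairs.
KNOWN_DEVICES = {("pixel 8", "android"), ("thinkpad", "windows")}
USUAL_LOCATIONS = {"austin, us"}


def _norm(text):
    """Lowercase and collapse whitespace so hand-typed names compare reliably."""
    return " ".join(text.lower().split())


def triage(sessions, known_devices, usual_locations, today, stale_days=90):
    """Return (session, verdict) pairs, judging device and OS before location."""
    results = []
    for s in sessions:
        key = (_norm(s["device"]), _norm(s["os"]))
        age = (today - date.fromisoformat(s["last_active"])).days
        if key not in known_devices:
            # A familiar city does not clear an unfamiliar device.
            verdict = "investigate"
        elif age > stale_days:
            # Known device that has not been used in a long time.
            verdict = "log out stale session"
        elif _norm(s["location"]) not in usual_locations:
            verdict = "ok (known device, odd location: VPN or travel)"
        else:
            verdict = "ok"
        results.append((s, verdict))
    return results


if __name__ == "__main__":
    for session, verdict in triage(SESSIONS, KNOWN_DEVICES, USUAL_LOCATIONS, date(2025, 5, 2)):
        print(f'{session["device"]:<12} {session["os"]:<8} {session["location"]:<14} {verdict}')
```

The unknown Linux session is flagged even though its location looks familiar, while the known phone seen from a different country is not.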

2

Reduce your visibility to reduce your attack surface

The more public your profile is, the easier it is for someone to impersonate you, scam you, or phish their way into your life. Locking down your discoverability is a simple but powerful move. Go to the Settings and Privacy menu and tap the Settings option. Then, scroll down to Audience and visibility and select How People Find and Contact You. Here, change who can look you up by phone or email to Friends or Only Me. You can also turn off the option that lets search engines link to your profile.

Also, think about who’s on your friends list. If you accepted random requests over the years, prune your connections. Fake accounts often use mutual friends to seem more credible before launching scams or stealing data. Need a quick way to clean up your friends list? Sort it alphabetically or use the Recently Added filter to spot unfamiliar names. If you don’t remember who someone is, or if their profile looks suspicious, it’s safer to remove them.

1

Review app and website permissions

Third-party apps can be silent data leeches

You may have used Facebook to sign in to dozens of apps and services like quizzes, games, and shopping sites. Many still have access to your account, even if you haven’t touched them in years. Revoking access to them boosts your account’s security status.

Go to the Settings and Privacy menu and tap Settings. Now select Apps and Websites. Here you’ll see a list of all the services connected to your account. Remove any that look shady, outdated, or unnecessary. For apps you still use, click View and edit to see what data they collect and whether they need access to things like your friends list or birthday. Don’t give away data you don’t need to. Every unnecessary app is another possible backdoor into your account.

Don’t compromise your digital life

Security is a habit, not a one-time setup

Your Facebook account is more than a place to doomscroll. It’s tied to your identity, your connections, and in many cases, your livelihood. That’s why it deserves the same level of protection as your bank account or email.

A strong password is important, but it’s only one layer. Enabling 2FA, cutting off unused access points, reducing your visibility, and reviewing connected apps can turn your account from an easy target into a fortress. While none of this is difficult, it requires attention. Facebook updates its tools often, and what was safe a year ago might not be today. So, check your security settings every few months. Stay cautious and stay aware.
