Facebook Account Security

By Khalil Shreateh — Information Security

Are you aware that your account could be at risk?

Many people have had their accounts hacked. If it has happened to you, or you know someone it happened to, you are not alone. From phishing pages that steal your login credentials, to malware files (.exe) distributed through games, chat apps, and social networks — the threats are real and varied.

Be cautious of links sent to you that claim to contain something important. Be especially careful if a link asks you to log in again — check whether the website address is actually facebook.com and not something like (facebook . hosting2 . com).
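The address check described above, written out as an added example (it is not part of the original article). It goes beyond the single lookalike the article names and also covers a few other ways a link can show "facebook.com" without leading there. The names classifyLink, ALLOWED_DOMAIN and SAMPLE_LINKS are assumptions, and the sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really leads to facebook.com.
// ALLOWED_DOMAIN and SAMPLE_LINKS are illustrative assumptions, not Facebook's own logic.
const ALLOWED_DOMAIN = "facebook.com";

function classifyLink(link) {
  let url;
  try {
    // The WHATWG URL parser lowercases the host and converts Unicode
    // lookalike names to punycode ("xn--..."), so they fail the match below.
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before "@" is userinfo, not the site that will be contacted.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "credentials in URL hide the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // The host must BE facebook.com or END with ".facebook.com".
  // Containing or starting with "facebook" proves nothing.
  if (host === ALLOWED_DOMAIN || host.endsWith("." + ALLOWED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "real site is " + host };
}

// Constructed sample links (not taken from any real message).
const SAMPLE_LINKS = [
  "https://www.facebook.com/settings?tab=security",
  "https://facebook.hosting2.com/login",
  "https://facebook.com@hosting2.com/login",
  "https://notfacebook.com/",
  "http://www.facebook.com/",
];

for (const link of SAMPLE_LINKS) {
  const verdict = classifyLink(link);
  console.log((verdict.ok ? "OK    " : "REJECT") + "  " + link + "  (" + verdict.reason + ")");
}
```

The rule to take away is that a hostname is read from right to left: only the ending of the name says which site you are on.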


Also be careful about sharing your email address and passwords. In many cases, attackers will collect email addresses and passwords from other hacked websites, then try those same credentials on Facebook to gain access to your account. They may then send spam messages to your friends, post on your timeline, and send unwanted messages on your behalf. They could even try to exploit your friends' trust.

Use a strong, unique password: a mix of letters, numbers, and symbols that is not used on any other website. Consider using a password manager like LastPass, KeePass, or 1Password to store and manage your passwords securely.

Steps to Fully Protect Your Account

Follow these steps to protect your account completely:

1 — Add Your Mobile Phone Number

Go to the mobile settings page: https://www.facebook.com/settings?tab=mobile

After adding your phone number, make sure the word "Verified" appears next to it.

2 — Enable Login Notifications

Go to the security notifications settings page and enable them as shown: https://www.facebook.com/settings?tab=security&section=notifications&view

This will notify you via email and/or SMS whenever someone logs into your account from an unrecognized device or browser.

3 — Enable Login Approvals

Go to the Login Approvals settings page and enable the option: https://www.facebook.com/settings?tab=security

When Login Approvals are turned on, Facebook will request a security code every time someone tries to access your account from an unrecognized browser. The code is sent as a text message to your mobile phone, and you must enter it to complete the login. This adds a critical layer of protection — even if someone knows your password, they cannot log in without also having your phone.

4 — Add Trusted Contacts

What are Trusted Contacts?

Trusted Contacts are friends you choose who can help you regain access to your account in an emergency — for example, if you forget your password and cannot access the email address linked to your account.

Once you have set up Trusted Contacts, Facebook can send security codes to those friends. You then contact them, collect the codes, and use them to log back into your account.

To add Trusted Contacts:

  1. Go to: https://www.facebook.com/settings?tab=security&section=trusted_friends&view
  2. Click "Choose Trusted Contacts"
  3. Select between 3 and 5 friends and confirm your choices

To edit or remove Trusted Contacts, follow steps 1 to 3, then click "Edit Trusted Contacts".

5 — Remove Trusted Browsers

After completing all the steps above, you can now remove all previously trusted browsers. When you log into Facebook next time, it will send a text message to your mobile phone containing a code. You enter that code into the browser to confirm your login. Facebook will then ask whether you want to save that browser as trusted.

Recommendation: Do not save the browser as trusted, especially if you are logging in from a public or shared computer. Only save your own personal device as a trusted browser.

It is worth noting that even if someone else knows your login credentials, they cannot log in without physically having your phone. However, this does not mean you should share your password with anyone.

© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.