You’ve been hearing about it a lot over the past few weeks, and you may well have been one of the unlucky 50 million who had their Facebook hacked in the platform’s biggest ever security breach. Understandably, searches for “how to secure Facebook account” went up, and there was talk of deleting Facebook entirely (again).
It’s always worrying knowing your data has been compromised, but this time, it wasn’t just the Facebook accounts themselves that were vulnerable. A bug in Facebook’s “view as” feature allowed hackers to access users’ accounts, and any further accounts that could be logged into through Facebook’s access token system. Basically, if you logged into other apps such as Instagram and Spotify through Facebook, rather than with a unique password, those accounts could have potentially been accessed by the hackers.
Facebook released a statement saying that it had reset all the access keys for affected users and that those users would have to log back into their accounts. The “view as” feature is currently unavailable as Facebook work to make the site more secure.
So, should you still be worried? It seems like things are back under control – but there are always risks when it comes to your online data. Here’s what you can do to secure your Facebook account – and other apps and accounts – for the future.
1. Stop using Facebook to log in to other apps
I know it’s convenient, but it’s always better to log in to your apps with a unique login rather than through a Facebook token. Loads of apps, from language learning apps to fitness apps, will let you log in via Facebook – but this puts all of your accounts at risk. Not only that, but using Facebook to log in to third-party apps that have nothing to do with the platform gives Facebook another way to collect your personal data: your interests, your habits, what you buy and when, as well as all that additional info you might choose to share in specific apps outside of Facebook.
Instead, use your email address and password to sign into all of your apps where possible, so that if you’re unlucky enough to have your Facebook hacked again, your other accounts are still secure.
2. Be prudent when allowing access to third-party apps
As another preventative measure, you might also want to evaluate how secure the apps you’re using are. Your data is both precious and, as we’ve seen in recent years, very vulnerable – so be selective about who you share your data with.
You should only allow third-party access to your Facebook when it is absolutely necessary, as low-quality apps can be flawed, allowing hackers to access your data via that app. Ultimately, if an app or website looks a bit suspicious, do your research before using it.
3. Change your password (everywhere)
If you are unfortunate enough to fall prey to a Facebook hack, changing your password isn’t going to solve all your problems, but it’s a good start. This is especially true if you use the same password across multiple accounts (which probably isn’t a great idea!).
Stick to the classic method of choosing a number of complex passwords made of a mix of numbers and letters, or use a password management tool such as LastPass or Dashlane. Using a password management tool means you only need to remember one master password to log in to all of your accounts. Some will even generate passwords for you, so there’s no specific password for the hackers to steal. Of course, there are always risks using tools like this, but on the whole it’s a much safer way to store your passwords.
4. Enable two-factor authentication
Enabling two-factor authentication will send a unique code to your mobile that you will have to enter (in addition to your password) whenever you log in to Facebook. So even if someone is trying to log into your account, they shouldn’t be able to without access to your phone. This is such an easy way to secure your Facebook account – it’s just a matter of a few clicks. Go to Settings → Security and Login → Two-factor authentication → Edit → Turn it on! That’s it 🙂
5. Turn on Facebook Login notifications
If someone logs into your account from an unrecognized device or browser, you can get a notification sent directly to your phone, email, and/or Facebook Messenger. Turn these notifications on in Facebook’s Security and Login page.
Go to Settings → Security and Login → Setting up Extra Security → Get alerts about unrecognized logins. Then just select your preferences, add your email address and phone number if they’re not already there, and save the changes. If and when you get notified of an unauthorized login attempt, be sure to change your password.
6. Check your logged-in devices
On Facebook’s Security and Login page, under the tab labeled “Where You’re Logged in,” you can see a list of devices that are signed into your account, as well as their locations. Get rid of any unfamiliar devices by clicking the “remove” button. The only devices logged in should be the ones you own or are currently using.
7. Choose friends to contact if you get locked out of your account
There were reports that in some cases, hackers were able to change passwords and lock users out of their accounts. It’s obviously a nightmare scenario, and you’ll want to be able to regain access to your account should it ever happen to you. So, again on the Security and Login page, you’ll have the option to choose friends to contact if you get locked out.
When you select “edit” you’ll be asked to select 3-5 trusted contacts who will receive a security code if you ever get locked out. You’ll have to reach out to them to retrieve the code and get back into your account. Once you select your contacts, Facebook will send them a notification.
8. Remember to log out if you’re on a shared device
I’m almost 100% sure you’re doing this already, and perhaps it doesn’t even need stating, but if you are logging onto a shared device, make sure to never save your password on the browser, and to always log out when you’re finished. It’s not going to stop expert hackers from exploiting bugs in the platform and accessing your data that way, but it’s a necessary step in keeping your account safe and avoiding the embarrassment of making such a rookie error if anyone were to access your account that way!
Keeping your online data secure can be a challenge, but if you’re mindful of the risks and implement the steps above, you’re at least going to make it harder for hackers to access your Facebook account! It’s extremely important to secure your Facebook account in every way you can, and beyond that, to always hold Facebook accountable for the security and protection of your data.