We all have very elaborate Facebook profiles. Some have their bosses as friends while others have their closest friends. Either way nobody wants to have someone else take control of their Facebook accounts as it can often lead to embarrassment and in some cases even pain.
The reality is that with the proper settings and vigilance, Facebook is one of the safest platforms in existence today. The key is to follow these guidelines and we can guarantee your Facebook account will never get hacked!
1. Choose a Strong Password
IT Guys are always emphasizing the same things: Never open unknown files, never leave your computer unattended while logged in and USE STRONG PASSWORDS. It’s even more important to recognize what a strong password policy consists of:
Use a password that cannot easily be guessed
A lot of people like to use passwords they can easily remember, whether it be their spouse’s name or their birthday. The problem is that if you can easily remember your password, others can easily guess it. Here’s a list of passwords you should never use:
- Your name or the name of a family member or pet
- Your birthday or an important date in your life
- Common passwords like “password”
- Your physical address or a contact detail (such as a telephone number)
- Your Bank Account Number or anything similar
Use a mixture of characters, numbers and symbols
A common mistake is to take one or two random dictionary words and use them as a password. A password like “GreenBananas” is easy to hack. Add 2 or more characters or numbers to your password to make it stronger. In our example you can change the password to “[email protected]@$” to make it extra strong.
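The guidelines above, turned into a check, as an added example that is not part of the original article: it flags common passwords, personal details and passwords built only from dictionary words such as “GreenBananas”. The word lists and personal details are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample lists for illustration; a real check would use far larger ones.
COMMON = {"password", "123456", "qwerty", "letmein"}
WORDS = {"green", "banana", "bananas", "summer", "house", "blue"}


def only_dictionary_words(password, words=WORDS):
    """True if the whole password is dictionary words joined together."""
    text = password.lower()
    # reachable[i] is True when text[:i] splits cleanly into dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return bool(text) and reachable[-1]


def audit_password(password, personal=()):
    """Return the guidelines from the list above that this password breaks."""
    problems = []
    lowered = password.lower()
    digits = re.sub(r"\D", "", password)
    if lowered in COMMON:
        problems.append("common password")
    for fact in personal:  # names, dates, phone numbers, account numbers
        fact_digits = re.sub(r"\D", "", fact)
        in_text = bool(fact) and fact.lower() in lowered
        in_digits = len(fact_digits) >= 4 and fact_digits in digits
        if in_text or in_digits:
            problems.append("contains personal detail: " + fact)
    if only_dictionary_words(password):
        problems.append("only dictionary words")
    needed = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(pattern, password) for pattern in needed):
        problems.append("no mix of letters, numbers and symbols")
    return problems


if __name__ == "__main__":
    # Constructed personal details: a pet name and a birthday.
    for candidate in ("GreenBananas", "password", "Rex2015!", "Summer19900412#"):
        print(candidate, audit_password(candidate, personal=("Rex", "1990-04-12")))
```

An empty result only means none of the listed weak patterns was found; it does not measure how hard the password is to guess.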
Change your password frequently
The 3rd important part of a strong password policy is to change your password frequently, on all your accounts. We recommend changing the passwords on all your accounts to passwords you have never used before, at least once every 2 months.
Use different passwords on different websites
Repetition is a bad thing when it comes to passwords. Using the same password on all your online accounts means that should one of your passwords get hacked, all of your accounts will get hacked. This also means never reusing any of your previously used passwords.
Keep your passwords in a safe place
In my many years of experience I have seen a lot of bad habits. Writing your passwords on your office deskpad or keeping them in a notepad file on your PC desktop will mean that others will have easy access to them. Since we encourage using a lot of passwords on many different sites, it might be difficult (if not impossible) for you to memorize them all. Therefore we recommend that you use a Password Manager, like LastPass. Not only will LastPass keep all your passwords safe, it also has a plugin which automatically helps you generate passwords, easily save them and it will resave your password once you change it. Should you make use of all of LastPass’s features, you will never have to worry about a strong password policy again.
2. Pick a Good Security Question
A couple of years ago a very good friend of mine’s Facebook got hacked. Her attacker sent messages to her Facebook friends which appeared to be messages from her. The nature of the messages was such that it negatively affected relationships she had at the time. She was desperate for help, so I offered my assistance and checked all of her passwords and changed them all to stronger, better passwords. Soon afterwards the hacker struck again and this time it was a shock to me.
After a full security assessment, I finally found the answer to her problem. Her security question asked for the name of one of her pets. She often posted public pictures of her pets and mentioned their names in statuses on her Facebook account, so it was an easy question to answer.
This brings me to my point: Always create a security question ONLY YOU will have the answer to. Your mother’s maiden name can be easy to find and so can your birthplace – your imaginary childhood friend’s name? Much Better!
How to change your security question? The sad news is that you can’t! Once your Facebook security question is set up, it’s set in stone. If you have a bad question set up, it is critical that you enable Two-Factor Authentication (discussed later in this article). It is also critical that you then keep your email account extra secure.
3. Check Your Allowed Apps
If you use Facebook often, chances are you’ve used one or more of Facebook’s Apps or Games. What you probably didn’t realize was that when you played that game or used that app for the first time, you were prompted to give the app certain “permissions” and eagerly clicked “Yes” so you could finally grow that cabbage your friend just gave you a seed for on Farmville. These apps commonly have permissions that include posting to your Facebook page or gaining access to your private email address.
While these permissions can sometimes be beneficial to you, they can also turn out to be a huge pain for your Facebook friends or for you. Therefore it is important that you carefully read the Permissions dialog box before clicking on anything. It is also important to frequently go and remove apps and games from your permissions when you no longer use them.
You should also be careful when clicking links from within Facebook that promise funny videos or interesting content, but then take you to another website that requires you to Share something or accept permissions to your Facebook page. This usually leads to strange content being posted, on your behalf, on your Facebook page.
Facebook’s Guide to Apps and Game Permissions (as well as how to modify or remove them) can be found here
4. Log Out when using other computers (or use incognito mode)
There comes a time in all our lives when we have to use someone else’s device to log into our Facebook or our E-Mails. The Golden Rule when you’re in this situation is to NEVER TRUST ANYONE.
Always ensure that you log out of your account after you have used it, no matter where you are. Your friend might just go onto Facebook, assume he or she is still on their own account and post on your behalf; we could call this “accidental hacking”.
Another good idea will be to make use of Incognito or InPrivate browsing mode when logging into any account on another person’s PC. This will ensure that the password cannot be saved and once you close the browser, you will automatically be logged out of all the accounts you were logged in to.
For more information on InPrivate browsing modes, click on the relevant browsers:
5. Use Two-Factor Authentication
When it comes to authentication, there are 3 recommended paths to follow: Authentication using something you know (basically, using a password), authentication using something you are (like facial recognition software or fingerprint access) and finally authentication using something you have (like a phone).
Although most devices do not support the second path (called biometric verification) yet, Facebook does offer the third path and so do many other websites and programs. Two-Factor Authentication (TFA in short) requires you to enter not only your password when logging in to a website, but also a code sent to your phone, which changes every time it is sent. This can be either through an app on your phone or through an SMS.
Using this technology will require hackers to steal your phone and know your password before they’d be able to login to your accounts, not something they can easily achieve.
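How a code from a phone app can change every time and still be checked by the website, as an added example that is not part of the original article. It assumes the app uses the standard time-based one-time password algorithm (RFC 6238), which the article does not specify; the secret is the RFC's published test key and `SecondFactor` is a hypothetical name.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid
DEMO_SECRET = b"12345678901234567890"  # RFC 6238 test key, never a real secret


def totp(secret, at, digits=6):
    """Code for the 30-second step containing Unix time `at` (RFC 6238, SHA-1)."""
    counter = int(at) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactor:
    """Server side: the password alone is not enough, and a used code is dead."""

    def __init__(self, secret):
        self.secret = secret
        self.last_step = -1  # newest time step already accepted

    def check(self, password_ok, code, at):
        if not password_ok:
            return False
        now_step = int(at) // STEP
        # Allow one step either side for clock drift, but never an old step.
        for step in (now_step - 1, now_step, now_step + 1):
            expected = totp(self.secret, step * STEP)
            if step > self.last_step and hmac.compare_digest(expected, code):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    phone_code = totp(DEMO_SECRET, 1111111109)  # what the app would display
    server = SecondFactor(DEMO_SECRET)
    print(phone_code, server.check(True, phone_code, 1111111109))
    print("replayed:", server.check(True, phone_code, 1111111109))
```

The phone and the website share only the secret set up at enrollment; each side derives the code from the current time, so a code that was seen or stolen earlier fails once its step has been used or has passed.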
To read more on how to get started with Facebook’s Two-Factor Authentication, a guide can be found here
6. Enable Login Notifications.
Login Notifications are not so much a prevention method as an early action method. Facebook has a function that will notify you whenever someone logs into your Facebook account. You will receive an email and the email will also contain a link you can click on if it wasn’t you who logged in, which will then help you regain access to your account. Enabling this will make your account extra secure.
To enable Login Notifications, follow the steps in this article
So what if my account has already been hacked or I know someone whose account has been?
When your account is hacked, the first important step is to investigate exactly what was changed and done while the hacker had access to your account. This means that you should open your Facebook and view your activity log (to access this, view this article). This is a log Facebook keeps of all your posts and actions. Be sure to remove all of the posts from your wall which were placed there by the hacker. Also follow all of the steps set out above and change all of your passwords. Hackers often leave themselves “backdoors” to your account so they can access it again after you’ve changed your passwords, so you should also review all of your security settings and App Permissions.
Bookmark this article and share it, so that if you know someone else who has been hacked, you can simply notify them (preferably not by contacting them on the account that has been hacked) and send them this article so they can follow the steps mentioned above.