
3 ways to better secure your Facebook account

Is your Facebook as safe as it could be? Try these 3 ways to protect yourself...

It’s been a little while since we’ve checked out the security measures that Facebook has to keep your account safe.

Since Facebook is always changing things up, we thought it was about time we took a fresh look at what settings you should check to protect your account.

1. Keep your posts, photos, and biographical information out of public view

It’s always prudent to keep your posts out of the public eye – posts you make publicly can reveal lots of juicy details about your life, friends, and family that are a goldmine for someone with less-than-kind purposes.

Every time you post an update on Facebook, you can choose the Privacy level in the drop-down menu to the left of the “Post” button. We recommend choosing “Friends” or any filter other than “Public.”

Make sure to check this privacy setting every time you post, as it tends to default back to “Public”!

If you’re not sure if your previous Facebook updates (including statuses and photos) are friends-only or not, you can limit all previous activity pretty easily. Here’s how:

  • When logged in on a desktop computer: Click the padlock icon at the upper right and then click “See more settings” at the bottom of the menu.
  • Via the Facebook mobile app: Click “More” at the bottom right of the screen, scroll down to “Privacy Shortcuts,” and then hit “More settings” at the bottom and then “Privacy.”

Now you’ll want to select “Limit the audience for posts you’ve shared with friends of friends or Public.”


Clicking “Limit Old Posts” will make everything you’ve posted in the past visible only to your friends. Facebook will give you a somewhat scary-sounding disclaimer that this one-click change is permanent and can’t be undone, but it’s one of the best moves you can make to secure your account!

Another thing to keep in mind is that Facebook keeps adding more features on your profile that are public by default and cannot be changed. It used to be just your profile photo, and then your cover photo, but now there’s an “Intro” area where you can “describe who you are” and also add up to 5 featured photos.

When in doubt, use the “View as” option in your profile to make sure you’re keeping your posts and activity private.

To do this, navigate to your profile and click the “…” on your cover photo and see what your profile looks like to the general public. If you see anything there you don’t want featured, it’s best to make it friends-only, or delete it.

(Remember, many websites now use Facebook for leaving comments on news articles, blogs, etc. If you leave comments on those sites, or even hit “share” on the article to show your Facebook friends, that kind of activity can still appear on your timeline as public.)

2. Restrict how you appear in search or who can send you a friend request

With Facebook being as massive as it is, you want to make it as hard as possible for spammers (of which there are many on Facebook!) to find you. To do that, you want to prevent them from even adding you in the first place.

Make sure the only people who can add you, search for you or message you are people you either already know, or at least are known by your friends. You can control this in the Privacy settings.

  • When logged in on a desktop computer: Click the padlock icon at the upper right and then click “See more settings” at the bottom of the menu.
  • Via the Facebook mobile app: Click “More” at the bottom right of the screen, scroll down to “Privacy Shortcuts,” and then hit “More settings” at the bottom and then “Privacy.”

Then check the following settings:

  • Who can contact me/send me friend requests – Friends of Friends (not Everyone)
  • Who can look me up using my email address/phone number – Friends, or Friends of Friends

Unfortunately, Facebook removed the setting that allows you to completely restrict or filter who can contact you, so be especially wary of anything sent to you in your filtered “message requests” inbox, and never ever click unknown links!

3. Set up login alerts and – if you’re comfortable giving Facebook your mobile number – login approvals

  • When logged in on a desktop computer: Click the padlock icon at the upper right and then click “See more settings” at the bottom of the menu. On the left hand side, choose “Security.”
  • Via the Facebook mobile app: Click “More” at the bottom right of the screen, scroll down to “Settings,” and then hit “Account settings.” Then click “Security.”

You’ll see an option to enable Login Alerts, which means Facebook will send you a notification if it sees someone trying to log in from a browser or device it hasn’t seen you use before.

It may just be a false alarm from you using a hotel computer while on vacation, or it may be someone trying to log in as you from their own laptop – either way, Facebook will let you know immediately so you can take action, if necessary.

Enable Login Alerts by clicking on “Login Alerts” on your phone, or “Edit” on your desktop, and choose how you’d like to receive your alerts.

There’s an argument to be made for keeping your phone details off Facebook entirely – it’s yet another level of personal information that many people would rather keep out of Facebook’s gaping maw.

That said, you do need to enter a legitimate mobile phone number into Facebook to enable a strong added layer of security. So if you are comfortable with Facebook having access to your phone number, enable Login Approvals – it’s Facebook’s version of two-factor authentication.

Now, every time you log in from a browser or device that Facebook hasn’t seen you use before, you will get a code sent to your registered mobile device that you will need to enter into Facebook to continue logging in.

The idea is that hopefully someone trying to break in to your account wouldn’t have access to your mobile phone, and without the code sent to your phone, they can’t proceed to use your account.


To set up Login Approvals, go to the Security menu under Settings, and check the box next to “Login Approvals On” on your phone, or “Edit” and then “Require a security code to access my account from unknown browsers” on your desktop.

Make sure to have your mobile phone handy, as this will kick off a process to activate the Facebook Code Generator as well as register your phone number to your account.

Always remember that even after restricting who can see your posts on Facebook, anything you post to the internet has a long half-life.

Discretion goes a long way. If you have any concern about someone seeing something about your life that you might not want in the public view, think twice about posting it on Facebook or anywhere else online – regardless of your privacy settings.

How about you? Is your Facebook profile a completely open book, or is your birthday set to 01/01/1900? Let us know in the comments.


Mine is as safe as humanly possible…. I refuse to have one. Deleted it many years ago, haven’t looked back! ;)


The problem with deleting your account is that it shuts you out of it but it doesn’t disappear. All the info remains and hackers can still get to it, just not your friends or you. There is no hiding but at least you can be in control of how your account is used and get alerts when someone hacks it. Now you won’t even get a warning that someone might be using all your info that you deleted from yourself.


There’s an option after you deactivate your account (isn’t there?) to delete all your data along with it. It doesn’t physically get deleted instantly because FB has to get the message out to all its very many servers to remove any part of your history they may hold, but IIRC it all evaporates in the end.

Just deactivating your account leaves the data behind so you can reactivate it later.


Good question. There is indeed, though FB says it can take up to 90 days for every trace to be removed:
Another way to get an account permanently *deleted* (and not just deactivated) is when the account user is deceased, though that does require some documented proof.


@”Anonymous” – You have to request for them to delete your data, but yes, it is then deleted. If you simply deactivate, all of your information remains on their servers in case you decide to return.


Well put.. stable door and horses springs to mind..
Sooner use a dummy email.. fake birthday… and now people tweak their name too on it.. or use an alias… and set to family and friends


Also, I know everyone is proud of their kids. But there are hackers out there that like to get kids’ pictures and post them to other sites. Many like to use them on porno sites. So limit or do not post their pictures on FB unless you control who can see them.


Take a peek at your personal info too (birthdays, phone#, email). Is it set to friends? I set much of mine to “only me”. I have seen many set to Public. BTW – Review your children’s security settings with them. Explain some best practices as you review it with them. It isn’t hard for someone to find out where they are, when they are there, and other info you wouldn’t want your children to share with strangers, if their security settings are configured poorly.


The MASSIVE toolbar is rarely a nice touch. Can you put a few more so the mobile page is completely hidden?


I have always resisted Facebook’s demands for me to give them my mobile phone number (in order to reactivate my account in case it ever gets de-activated). Are you now advising that I should provide it for more secure authentication?


Yes, because phone based 2FA makes it harder for crooks to commandeer your account.

Whether or not this might affect the privacy of your number is a separate issue – Facebook *did* have a bug recently in the way it handled the issue of phone numbers provided for 2FA purposes:


Once you publish something on the Internet there is no way to delete or erase it. It remains forever.

