How to secure your Facebook account

Security should be a top concern for people on any social networking site, but with Facebook being as big as it is, this issue deserves special attention. Here are some tips to make sure your Facebook account is secure and remains secure.

Use a strong password

This is such a common piece of advice that you might be tired of hearing it, but the reason people keep bringing it up is because it is so important. Without a strong password, your account can easily be taken over and used to scam your friends. A strong password should contain a mixture of upper and lowercase letters, numbers, and symbols, but should also be at least 8 characters long.

If you can, use a different password for Facebook than you use on other sites, especially your email. If you have trouble remembering the password, try using a password manager or writing down a hint that can help jog your memory.

Enable secure browsing

It might be a shock to hear that most of your activity on Facebook could potentially be intercepted by other people. That includes things you post, people you friend, and even things you like. By default anything you send or receive from Facebook's servers is unencrypted, so anyone on your network can see your actions. Even worse, it is possible for people to hijack your account this way without knowing your password, and then change your settings or read your private conversations.

Luckily, Facebook has an option to enable secure browsing, which will encrypt all your information before it leaves your computer. Once this option is enabled, your current sessions will end and you will have to log back in, but from then on you should notice that your browser address bar starts with "https://" rather than "http://", meaning your connection is secured.

Check your active sessions

Facebook is available on many different devices, and you can log into your account from them all at the same time. This is because Facebook supports multiple active sessions, and is the same reason you can log in at work and not have your account log out on your home computer. This makes your life easier, but it also poses a large security risk, as someone who has stolen your password can also log in and be virtually undetected.

To make sure that your sessions are your own, go to the active sessions page of your Facebook account and have a look at the location of each session. If the location is a town or city that you live in or close to, the chances are the session is one you started by logging in. If the town or city is far away (or in another country) then you should close that session by clicking the "End activity" link next to it. Closing sessions that are over a week old is a good idea too.

Enable login notifications

Whilst regularly checking your active sessions is a good idea for the security conscious, Facebook also offers a service to alert you whenever someone (even yourself) logs into your account. By enabling login notifications, you can get an email or an text message (or both) sent to you with details about the login. If you receive an alert and haven't recently logged into your account, then someone may have compromised it, and you should quickly change your password and remove all your active sessions.

Using login approvals

Login approvals are a kind of two-factor authentication provided by Facebook to help secure the login process. Once enabled, a code will be sent to your phone via text message every time you try to log in, and you will have to enter the same code on Facebook. This means that an attacker not only needs to know your password, but needs access to your phone as well, which is highly unlikely to be the case.

If you login on your phone or home computer a lot and don't want to be bombarded by text messages each time, then don't worry, you can add them to a list of recognised devices. When Facebook detects that you are using one of your recognised devices, it will let you log in the usual way.