Sophos Cloud Optix![5 tips to make your Facebook account safer [UPDATED]](https://nakedsecurity.sophos.com/wp-content/uploads/sites/2/2014/05/5-steps-facebook-privacy-250.jpg?w=250&h=250&crop=1)
Last year we gave you 5 tips to make your Facebook account safer.
But Facebook likes to change things, and now some of those tips are a bit outdated.
So here’s an update – have you done all five?
1. Make sure only your friends can see your timeline posts
You don’t want strangers checking you out on Facebook (presumably) so make sure you limit who can view your Facebook timeline.
While the key elements of your profile (name, picture, cover photo, etc.) are viewable by everyone, many other aspects of your timeline can be blocked from prying eyes.
First, make sure all your future posts are locked down. Click on the padlock icon on the top toolbar (on the right hand side), then click ‘Who can see my stuff?’.
Under ‘Who can see my future posts’, choose from:
- Public (which obviously means everyone)
- Friends
- Only me
- Custom (which allows you to limit some of your friends from seeing your posts)
Pick what’s best for you, but make sure ‘Public’ isn’t selected. Whatever you choose will then become the default every time you post an update (though you still have the option of selectively changing this for each individual update you post in the future).
Now, make sure you limit the audience for your previous posts. Click the arrowhead on the top toolbar (on the right hand side). Choose ‘Settings’.
Click Privacy on the left hand menu, and under ‘Who can see my stuff’, click ‘Limit past posts’. From here you can change all your past post visibility to ‘Friends’.
It’s also worth checking out the visibility of the stuff listed under the ‘About’ section of your profile.
On your timeline, click ‘Update info’ (at the bottom of your cover photo) and then click ‘Edit’ next to the area you wish to change the visibility for.
Once again, choose from the options of ‘Public’, ‘Friends’, ‘Only me’ or a custom list of people.
2. Control who can contact you on Facebook
Click on the padlock icon on the top toolbar (on the right hand side), then click ‘Who can contact me’.
By default this is set up as ‘Basic Filtering’ to allow friends and people you may know the opportunity to send you a message.
If you want only friends to be able to contact you, you can increase the filtering on your inbox. Other messages will then be diverted to your ‘other’ folder which you can access from the Messages screen.
To do this, click ‘Strict Filtering’ under ‘Whose messages do I want filtered into my Inbox?’
From this area of the screen you can also limit who is able to send you a friend request, choosing between everyone or just friends of your friends.
3. Control who can discover your profile based on your email address and/or telephone number
If you wish to control who can find you based on the email address or telephone number you used to sign up Facebook then you can do so by first clicking on the arrowhead at the top right of any page and then clicking ‘Settings’.
Next, select ‘Privacy’ from the menu on the left hand side of the page and look for the ‘Who can look me up?’ option.
You will notice that there are separate settings for both your email address and telephone number.
Click ‘Edit’ next to each to choose Friends, Friends of Friends or Everyone.
4. Set up login notifications
You can set Facebook up to send you an alert every time your account is accessed from an unknown computer or other device. This can be a handy way of receiving a warning should someone gain unauthorised access to your account.
Again, click the arrowhead at the top right of any page and choose ‘Settings’.
Choose ‘Security’ from the menu on the left hand side.
‘Login notifications’ is the top option available so click ‘Edit’.
Choose from receiving either an email and/or a text message/push alert. Click ‘Save Changes’. Login notifications are now active on your account.
5. Turn on login approvals
You can choose to have an extra layer of security when accessing your account from an unknown browser. Facebook will send a code to your phone which you will then need to use to login.
Click the arrowhead at the top right of any page and choose ‘Settings’, then ‘Security’ from the left hand menu.
Tick the box that says ‘Require a security code to access my account from unknown browsers’. Facebook will then take you though the process of setting up login approvals so click on ‘Get Started’ to begin.
Once you have set up login approvals you will only need to enter a code when you try to login from a new device. It is a feature that makes it that much harder for a hacker to gain access to your account and as such is well worth enabling.
Note: if your browser clears your history on exit, or has private browsing switched on, you may need to enter a code every time you log in.
These are just a few of the quick and simple measures you can take to protect your Facebook account.
If you have other tips of your own to share then please do leave them in the comments below.
And if you would like to keep up to date with the latest Facebook scams and other internet threats, please like the Naked Security page on Facebook.
Image of padlock courtesy of Shutterstock.
wow thanks dude…
0. Just quit Facebook like I did. After leaving, I feel so much more in control of what I share and with whom I share it.
facebook is like the Tar Baby … once you touch it, extricating yourself is almost impossible. Especially if your children are on it and live far away and this is the main way you can see what they are on about lol
if you quit facebook how are you leaving a message right now?
But if you Quit Facebook why are you here now?
This isn’t on Facebook – maybe that’s how John made a comment? The web does exist outside of Facebook!
To be extra safe your probably better off closing your facebook account 😉
‘Limit past posts’: From here you can change all your past post visibility to ‘Friends’.
If mosts of my past posts were set to custom with a tighter restriction than “Friends” does this remove those custom restrictions? Or will “Limit All Posts” give me a custom option, too?
It will only affect the posts that were set. Anything set to a custom setting will be left alone.
Ditto to the previous ex-Facebook users. QUIT. Why put up with weekly privacy changes that always manage to weaken yours? If I were still a FB user, the new snooping-on-background-music feature would be the last straw.
Ha, all they will hear is the neighbors dog constantly barking, wonder what that will be used for?
Unplug/disable your microphone and they won’t be able to hear anything.
Yeah, let’s just quit Facebook… and hop on another social media site! Will solve ALL our problems! 😉
Near the end of the first tip (post privacy) you state: “Whatever you choose will then become the default every time you post an update (though you still have the option of selectively changing this for each individual update you post in the future).” Are you sure about the default? This USED to be the case, but a year or two ago it changed so that when you change privacy settings for an individual post, that automatically becomes your setting for the next post and all subsequent posts, unless you notice and change it back.
yes this is what happens, you decide to make something public – like this post when you share it – so people can share it too – then all future posts will be public till you change it again.
and in reply to the ‘just leave’ comments, some of us can’t just leave facebook, we need to be there to monitor our kids usage, or to see club info of clubs we have joined *sigh*
And support groups
I think most support groups are private and cannot be seen, v.s. some open groups …it will tell you if it is an open or closed group. If concerned about others seeing it …or do you mean FB knowing about it. I wouldn’t worry about that really, unless you are in government thing, the I would trust the government on that.
No real need to provide Facebook with your real DoB. You may miss out on your friends wishing you on FB, but those who really matter would remember the day. There was no FB when you were born and people still remembered dates. With DoB acting as a crucial factor for ID verification, use a fake DoB whenever you can and don’t give other an easy access to your personal details such as phone numbers, address, where you work etc. As always the best one is to quit FB and get a life.
I *always* use a fake dob. The Bank has the correct one!
According to almost every site I use, I live somewhere in the Aleutian Islands and I was born 1/1//1900 (some sites are 1901). And my name is taken from a character in one of my favorite books from childhood on most sites.
Very good post – Good job Lee
Thank you
That’s all great advice for people that want privacy….
The issue that we have with the new generation coming through is the fact that they don’t care about privacy on unsocial networking, they’re more concerned about their popularity. Media has encouraged them that if they hang their dirty linen out in public then it’s a swift route to fame, attention and a large bank account.
Businesses are going to really struggle with getting that through to people’s heads when they begin work and legislations such as DPA are in place to protect the privacy of people’s information.
In any case, these settings still mean that Facebook and their pals (other businesses your details are sold to) are harvesting the data you wish to put up there.
“PM me hun”
All the tips in this article are smart and sensible, but here are some that give MAXIMUM security:
1) change your DoB to something similar, but easy for you to remember.
2) change your last name to something else.
3) don’t give them your cell number. EVER!
4) get a third party email address that forwards to your regular email and then set Facebook to that one.
5) limit what you post! If you are very political in your postings, depending on what you say, could get you guys with badges knocking on your front door.
6) never let your face be ‘tagged’ directly in pictures. FB uses facial recognition. Imagine if that got compromised. A savvy programmer could make an instant IDing app and know everything you put on FB simply by snapping a discreet picture.
You may think this is over the top, but You should plan ahead for the next FB security hole/breach and be proactive. Also, it is common place for companies to do simple background checks of you, using FB to feed them all they want to know about you. Especially if they are considering hiring you.
“Also, it is common place for companies to do simple background checks of you, using FB to feed them all they want to know about you.”
Given that I have always restricted my posts, photos, etc to friends, how are prospective employers go to use Facebook “to feed them all they want to know”? This smacks of scaremongering, which usually works out to be counter productive. Which is a shame as most of your post was useful.
If you do know something, please spell out how companies do this.
Mark: you’re right, facebook doesn’t share information with companies for background checks. This would only be available if you have your settings so that random people could see them, if they friend you to gain access, or if at some point your settings allowed thirdparty access and they were scraped into a database that these companies can query after the fact.
One issue I have seen is people making public posts from mobile devices. Just because the setting has been modified on a home PC, doesn’t mean the same settings apply to one’s mobile, and the default is usually set to “public”.
Tip Zero
Never sign up – if they don’t know about you …
Now just stop your friends putting up photos of you.
If you’re going as far as quitting facebook to avoid privacy problems then you might as well just get off the internet entirely, right?
There are many new social networks popping up. PHP and MySQL have made it possible for almost anyone to start a private network. I started one for my writing friends who facebook hates and kept nuking because we weren’t “real” (and therefore they couldn’t sell our information). I don’t sell their information. I don’t log it. I don’t spy on them. And I certainly don’t allow ads, we are run by donations only so they know NO ONE is taking their information. My advice? If you need social media but hate facebook, just start your own. I did and haven’t looked back.
Nice Tips, lee. These days, it’s really important to keep Facebook secure.
Hoping you might know how to help me. My facebook account on my computer has suddenly morphed into what I think is Chinese. It seems ok on my phone. I dont know how to get it to revert to English. Cant do anything on the site on the computer because I dont understand a word of it!!!
thank you for all your information and I learned a lot about how to protect my information in my facebook account.