Given the sheer volume of messages I’ve received on Facebook Messenger saying “This look like you!” or similar with a video link, I figured I’d put together a post on how to secure your Facebook profile. In a number of cases I’ve seen Facebook blamed, and while I hold no love for the company or their practices, they do make it pretty easy to secure your entire Facebook experience. While I do believe they should be more “in your face” about these settings, it is up to you to ensure that you are secure on the platforms you use. There are two things that I feel are absolutely critical to check, and checking them should eliminate the majority of issues.

Two-Factor Authentication (2FA)

Any regular reader of my blog will know that I mention 2FA at every possible occasion. My wife and friends can attest to the fact that this happens offline as well as online! 2FA adds a second way of authenticating with Facebook and proving you are you, and reduces the risk of your account getting “hacked” immensely. This makes Facebook work like your internet banking: once you’ve logged in with your password on a new device, a code will be sent to your cellphone to make sure it’s you. In short, if someone doesn’t have your mobile phone, they cannot log in. You can enable 2FA by following the below steps:

  1. Download an app called “Authy” (iPhone / Android) on your phone. It is one of the best multifactor authentication management apps out there. You can also use “Microsoft Authenticator” or “Google Authenticator”.
  2. Open Facebook in a browser or in the mobile app
  3. Open “Settings” within Facebook (the little down arrow at the top right of Facebook on the desktop, or at the bottom left of the mobile app)
  4. Select “Security and login”
  5. Select the “Use two-factor authentication” section
  6. When prompted to select a method, use the Authentication app. You can use SMS if you’d like, but it is not as secure or reliable as the app.
  7. You’ll be shown a QR code. Open Authy on your phone and select “+ Add Account” to add a new account, then scan the code. If you’re doing this on your phone, select the “Setup on same device” text instead. This will open your default code manager (like Authy or Google Authenticator).
  8. Your app will start showing you rotating codes. Enter the current one on Facebook (either in the app or in the browser). These codes only last 30 seconds, so you’ll need to be sure you act in time, otherwise you’ll need to use the next code that comes up.
  9. 2FA is now enabled!
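
To show why the codes in step 8 rotate and why a late code gets rejected, here is an added example (not Facebook's or Authy's code) of the standard time-based one-time password scheme from RFC 6238 that authenticator apps implement. It assumes the RFC defaults of SHA-1 and 6 digits, uses a constructed sample secret, and the `verify` function with its drift window is a hypothetical server-side check.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (the 30 seconds mentioned in step 8)
DIGITS = 6   # assumption: RFC 6238 default code length

# Constructed sample secret (the RFC 6238 test key, base32-encoded).
# A real secret is what the QR code in step 7 hands to your authenticator app.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    key = base64.b32decode(secret_b32.upper())
    return hotp(key, int(unix_time) // STEP)


def verify(secret_b32: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check; accepts the current step plus/minus `window` steps
    to tolerate clock drift (the window size is an assumption)."""
    key = base64.b32decode(secret_b32.upper())
    current = int(unix_time) // STEP
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        # compare_digest avoids leaking how many digits matched via timing
        ok |= hmac.compare_digest(hotp(key, counter), submitted)
    return ok


if __name__ == "__main__":
    for t in (30, 59, 60, 75, 125):
        print(t, totp(SAMPLE_SECRET, t), verify(SAMPLE_SECRET, "287082", t))
```

The phone and the server never exchange the code itself ahead of time: both derive it from the shared secret and the clock, which is why a phone with a badly wrong clock produces codes that are rejected.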

I would recommend adding a backup method such as SMS or a YubiKey (if you have one), as this will help in case you lose a device or get a SIM swap.

Checking and Removing App Logins

Adding tons of apps on Facebook trying to determine what breed of Llama you are or where on the political spectrum you sit is a recipe for disaster – giving other apps and websites the ability to post on your behalf and so on. Again within “Settings” (follow steps 2-3 above again) we can review these logins. Once in “Settings”, open “Apps and Websites”. Here you can see which sites or services are currently active and receiving your information, which have expired, and those that you’ve removed. I would recommend removing any apps or websites that you don’t use. Bear in mind that this would also show websites where you’ve used the “Login with Facebook” button.

Privacy Checkup

Facebook has actually added an all-in-one section that allows you to check all your privacy settings. I would highly recommend making your way through the entire checkup which is way more comprehensive than what I’ve put in above. You can access the privacy checkup on desktop or mobile here: https://www.facebook.com/privacy/checkup/

Ross G Saunders Consulting offers a number of solutions that can drive your compliance and security maturity; from affordable 16 week group coaching programmes to comply on your own, through to advisory retainers and full programme management. To find out more about the offerings available, book time directly with Ross using the calendar below.

