Facebook is more than a website; it’s an ecosystem. It’s deeply connected to much of the Web, through social logins, apps, like buttons, comments, and more. Facebook knows more about you than almost any other entity on Earth, including governments. And Facebook has suffered several security and privacy breaches.

For all these reasons, it’s critical that you take the time to set your security and privacy settings on Facebook. Let’s walk through them.

This guide shows the full, desktop version of the Facebook website. The steps will be similar for the mobile website and Facebook apps. The links throughout the guide will take you directly to the pages referenced.

For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.

Facebook Settings

In Facebook, click the arrow symbol in the top right corner of the screen, then click Settings. You’ll see a menu on the left side of the screen with various categories of settings. We’ll go through them in order.

Note: this post contains affiliate links.

General Account Settings

  1. Click Manage Account.
    1. Choose your legacy contact. Choose someone you trust to manage your account after you die.
    2. Set the rest of the settings in the Manage Account section to match your preferences. I have Data Archive Permission and Annual Reminder enabled.

Security and Login

  1. Under Where You’re Logged In, look through the entries. If you see any devices you no longer use, such as a friend’s computer you used to log into Facebook once, click the 3 dots and then Log Out. If you see any devices you don’t recognize, click the 3 dots and then Not You?
  2. Under Login, click Change password. Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). I recommend using a password manager, such as LastPass, to create and store your password.
  3. Two-Factor Authentication
    1. Click Use two-factor authentication.
      1. Click Get Started.
        1. Click Authentication App when you’re asked to choose your security method.
        2. Follow the on-screen instructions.
      2. Under Add a Backup, next to Recovery Codes, click Setup.
        1. Follow the on-screen instructions.
        2. Save the recovery codes in your password manager (I use the Notes field in LastPass).
      3. Learn more in How & Why to Use Two-Factor Authentication.
    2. Click Authorized Logins to view. Check the boxes for any browsers, software, or services that should no longer have access, then click Remove.
  4. Setting Up Extra Security
    1. Click Get alerts about unrecognized logins. Choose where you want to receive notifications.
    2. Click Choose 3 to 5 friends to contact if you get locked out. Choose 3-5 people you trust to help you if you get locked out of Facebook.

Privacy Settings and Tools

  1. Under Your Activity, click through the options to make any changes you’d like.
  2. Who can send you friend requests?: choose an option.
  3. Who can see your friends list?: choose an option. I recommend Only me.
  4. Who can look you up using the email address you provided?: choose an option.
  5. Who can look you up using the phone number you provided?: choose an option.
  6. Do you want search engines outside of Facebook to link to your profile?: choose an option.

Timeline and Tagging Settings

  1. Who can see what others post on your timeline?: choose an option. I suggest Friends.
  2. Who can see posts you’re tagged in on your timeline?: choose an option. I suggest Friends.
  3. When you’re tagged in a post, who do you want to add to the audience of the post if they can’t already see it?: choose an option. I suggest Friends.
  4. Review posts you’re tagged in before the post appears on your timeline?: If you check Facebook regularly, it should be safe to choose Disabled. Otherwise, choose Enabled.
  5. Review tags people add to your posts before the tags appear on Facebook?: If you check Facebook regularly, it should be safe to choose Disabled. Otherwise, choose Enabled.

Location Settings

  1. Location History only applies if you have the Facebook app installed on your mobile device. You can set your location settings in your app. I recommend disabling location services for Facebook.

Face Recognition Settings

  1. Do you want Facebook to be able to recognize you in photos and videos?: choose an option.

Apps and Websites

  1. Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
  2. Click through the Expired tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
  3. Scroll down to Preferences, and adjust those sections as necessary.

Instant Games

  1. Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
  2. Click through the Expired tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.

Business Integrations

  1. Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.

Ads (Your ad preferences)

  1. Your information
    1. About you tab: disable those you don’t want to be used by Facebook to target ads to you. I recommend disabling all.
    2. Your categories tab: adjust as you see fit.
  2. Ad settings
    1. Ads based on data from partners: read the description, then choose an option. I recommend Not allowed.
    2. See ads based on my Facebook ad preferences on apps and websites off of the Facebook Companies: read the description, then choose an option. I recommend Not allowed.
    3. Include my social actions with ads for: read the description, then choose an option. I recommend No one.

Your Profile

Configure your profile to share the least amount of info necessary.

Intro

From your profile, find the Intro box on the left. Click the edit button (pencil icon) next to one of the items. The Customize Your Intro box will appear. Uncheck the box for any items you don’t want to be public.

About

From your profile, click the About tab. You’ll see a menu of sections on the left. Click through each one and edit the info as necessary. Use the audience selector to choose who can see each item.

Mobile Phones: If you must show phone numbers, I strongly recommend you set the audience to Friends.

Address: I strongly recommend you leave Address blank. If you must show a location, put just the city. Set the audience to Friends.

Email: If you must show email addresses, I strongly recommend you set the audience to Friends.

Birth Date, Birth Year: I strongly recommend you set the audience for all these fields to Only me. If you insist on showing your birthday, set the audience for the month and day to Friends but leave Birth Year as Only me.

Family and Relationships: I recommend leaving this section blank, or adding only your partner. Scammers and other bad actors can exploit your relationships.

Life Events: I strongly recommend that you limit what you share here. This info can be used to personally identify you.

Manage Sections: On your profile, below your cover photo, you’ll see a line of buttons containing Timeline, About, etc. Click More, then Manage Sections. Uncheck sections that you want to hide from your profile. Some can’t be hidden.

Using Facebook Safely

Every time you post something, use the audience selector to choose who can see the post. Use the smallest audience necessary. Be extremely careful about anything that you make Public, as that makes it visible to the world. The audience you select for a post will be the setting used the next time you post, so you must pay attention to it each time you post. You can change the audience on past posts (one at a time), if you want to limit who can see them.

Be very careful whom you friend on Facebook, because a friend instantly gets access to a lot of your personal info. Also, if a friend’s Facebook account is hacked, that hacker gets access to your personal info!

When you receive a friend request, it’s a good idea to verify the person’s identity (that they are the actual owner of the Facebook account, and that they sent you the friend request). You can do that by asking them in person, or through some other trusted channel that you’ve previously used to communicate with them (email, other social media, text/SMS, phone, etc.). Or you could ask a trusted mutual friend to confirm their identity.

If you use someone else’s device (computer, phone, tablet, etc.) to log into your Facebook account, be sure to log out when you’re finished! Otherwise, the other person can use Facebook as you after you leave.