Facebook is more than a website; it’s an ecosystem. It’s deeply connected to much of the Web, through social logins, apps, like buttons, comments, and more. Facebook knows more about you than almost any other entity on Earth, including governments. And Facebook has suffered several security and privacy breaches.
For all these reasons, you must take the time to set your security and privacy settings on Facebook. Let’s walk through them.
This guide shows the full, desktop version of the Facebook website. The steps can also be used on Facebook’s mobile website and Facebook apps. The links throughout the guide will take you directly to the pages referenced.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
Improve Your Facebook Security And Privacy Using Its Settings
On Facebook, click the arrow symbol in the top right corner of the screen, then click Settings & Privacy, then Settings. You’ll see a menu on the left side of the screen with various categories of settings. We’ll go through them in order.
General
Click Memorialization Settings. Choose your legacy contact. Choose someone you trust to manage your account after you die. Set the rest of the settings in the Memorialization Settings section to match your preferences. I have Data Archive Permission and Annual Reminder enabled.
Security and Login
Under Where You’re Logged In, look through the entries. If you see any devices you no longer use, such as a friend’s computer you used to log into Facebook once, click the 3 dots and then Log Out. If you see any devices you don’t recognize, click the 3 dots and then Not You?
Click Change password. Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). I recommend using a password manager, such as LastPass, to create and store your password.
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.
If Use two-factor authentication isn’t already set to On, click Get Started. Click Authentication App when you’re asked to choose your security method. Follow the on-screen instructions. Under Add a Backup, next to Recovery Codes, click Setup. Follow the on-screen instructions. Save the recovery codes in your password manager (I use the Notes field in LastPass). Learn more in How & Why to Use Two-Factor Authentication.
Click Authorized Logins to view. Check the boxes for any browsers, software, or services that should no longer have access, then click Remove.
Click Get alerts about unrecognized logins. Choose where you want to receive notifications.
Click Choose 3 to 5 friends to contact if you get locked out. Choose 3-5 people you trust to help you if you get locked out of Facebook.
Your Facebook Information
Click Off-Facebook Activity.
On the right, under What You Can Do, click Manage Your Off-Facebook Activity.
If you want to clear your history for all the apps and websites shown, click Clear History.
If you want to clear your history for only particular apps and websites, click one, then click Turn off future activity from [name].
On the right, click Manage Future Activity. In the window, click Manage Future Activity.
Toggle Future Off-Facebook Activity to off.
Taking these steps may disconnect apps you have connected to Facebook. For example, it disconnected my Buffer account, which I use for posting to multiple social media accounts. However, I was able to simply go into Buffer and reconnect to Facebook. You should be able to do the same for any integrations you truly need.
Privacy
Under Your Activity, click through the options to make any changes you’d like.
Who can send you friend requests?: choose an option.
Who can see your friends list?: choose an option. I recommend Only me to prevent others from seeing your friends.
Who can look you up using the email address you provided?: choose an option. I recommend something other than Everyone.
Who can look you up using the phone number you provided?: choose an option. I recommend something other than Everyone.
Do you want search engines outside of Facebook to link to your profile?: I recommend unchecking this.
Timeline and Tagging Settings
Who can see what others post on your timeline?: choose an option. I suggest Friends.
Who can see posts you’re tagged in on your timeline?: choose an option. I suggest Friends.
When you’re tagged in a post, who do you want to add to the audience of the post if they can’t already see it?: choose an option. I suggest Friends.
Review posts you’re tagged in before the post appears on your timeline?: If you check Facebook regularly, it should be safe to choose Disabled. Otherwise, choose Enabled.
Review tags people add to your posts before the tags appear on Facebook?: If you check Facebook regularly, it should be safe to choose Disabled. Otherwise, choose Enabled.
Location
Location History only applies if you have the Facebook app installed on your mobile device. You can set your location settings in your app. I recommend disabling location services for Facebook.
Face Recognition
Do you want Facebook to be able to recognize you in photos and videos?: choose an option.
Apps and Websites
Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
Click through the Expired tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
Scroll down to Preferences, and adjust those sections as necessary.
Instant Games
Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
Click through the Expired tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
Business Integrations
Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.
Ads (Your Ad Preferences)
Click Your information. On the About you tab, disable those you don’t want to be used by Facebook to target ads to you. I recommend disabling all. On the Your categories tab, adjust as you see fit.
Click Ad settings. I recommend setting Ads based on data from partners and Ads based on your activity on Facebook Company Products that you use elsewhere to Not allowed. I recommend setting Ads that include your social actions to No One.
Your Profile
Let’s leave Settings and look at other areas of Facebook.
Configure your profile to share the least amount of info necessary.
Intro
From your profile, find the Intro box on the left. Click Edit Details. The Edit Details box will appear. Toggle off any items you don’t to show. Click the pencil icon to edit an item.
About
From your profile, click the About tab. You’ll see a menu of sections on the left. Click through each one and edit the info as necessary. Use the audience selector to choose who can see each item.
Pay special attention to the Contact and Basic Info section.
- Mobile Phones: If you must show phone numbers, I strongly recommend you set the audience to Friends.
- Address: I strongly recommend you leave the Address blank. If you must show a location, use only your city. Set the audience to Friends.
- Email: If you must show email addresses, I strongly recommend you set the audience to Friends.
- Birth Date, Birth Year: I strongly recommend you set the audience for all these fields to Only me. If you insist on showing your birthday, set the audience for the month and day to Friends but leave Birth Year as Only me. Learn why you shouldn’t share your birth date online.
Family and Relationships: I recommend leaving this section blank, or adding only your partner. Scammers and other bad actors can exploit your relationships.
Life Events: I strongly recommend that you limit what you share here. This info can be used to personally identify you.
Edit Privacy: Below the About box is the Friends box. In the top right corner of that box, click the ellipsis (…), then Edit Privacy. Here you can set the following:
- Friends List: Who can see your friends list?
- Following: Who can see the people, Pages, and lists you follow?
- Followers: Who can see your followers on your timeline?
I recommend setting all to Only me, but you can set as you desire.
On your profile, in the tabs below your cover photo and name, you’ll see a line of buttons containing Timeline, About, etc. Click More, then Manage Sections. Uncheck sections that you want to hide from your profile. Some can’t be hidden. Hide/uncheck all the sections that you don’t want others to see, such as Groups, Likes, and Events.
View As Public
Facebook has a tool that lets you see what your profile looks like to the public (people you’re not friends with). I highly recommend using this to occasionally check your profile, to make sure you’re not revealing too much.
- Open your profile.
- Below your cover photo and name, click the eye icon.
- You’ll see your profile as the public see it. A banner at the top of the page will say, This is what your profile looks like to: Public.
- To return to using Facebook normally, click Exit View As in the banner.
For any items that are visible that you don’t want to be visible to the public, edit the audience (see instructions elsewhere in this guide).
Facebook Privacy and Security: Using Facebook Safely
Every time you post something, use the audience selector to choose who can see the post. Click whatever is next to Sharing to, this changes the audience. Use the smallest audience necessary. Be extremely careful about anything that you make public, as that makes it visible to the world. The audience you select for a post will be the setting used the next time you post, so you must pay attention to it each time you post. You can change the audience on past posts (one at a time), if you want to limit who can see them.
Be very careful whom you friend on Facebook, because a friend instantly gets access to a lot of your personal info. Also, if a friend’s Facebook account is hacked, that hacker gets access to your personal info!
When you receive a friend request, it’s a good idea to verify the person’s identity (that they are the actual owner of the Facebook account, and sent you a friend request). You can do that by asking them in person, or through some other trusted channel that you’ve previously used to communicate with them (email, other social media, text/SMS, phone, etc.). Or you could ask a trusted mutual friend to confirm their identity.
If you use someone else’s device (computer, phone, tablet, etc.) to log into your Facebook account, be sure to log out when you’re finished! Otherwise, the other person can use Facebook as you after you leave.
If you participate in Facebook groups, pay attention to the group privacy levels. They are:
- Private and hidden in search (formerly Secret)
- Private and visible in search (formerly Closed)
- Public and visible in search (formerly Public)
Each has different privacy settings. In a public group, anyone on Facebook can enter the group, see that you’re a member, and see your activity (posts, comments, likes, etc.).
Some websites let you log in with your Facebook account. Don’t use this option! If someone hacks your Facebook account, they gain access to all the accounts you’ve set up for Facebook login. Yes, it’s more work to create separate logins for each site, but remembering the logins doesn’t take any extra effort if you use a password manager (I like LastPass).
Be careful what you post. I’ve seen people post pictures of credit cards and plane tickets, and post that they’re on vacation far from home. Be wise about what you share with others. Learn more about the dangers of posting about travel.
Just as you need to be careful about clicking links in email and other messages, you must be careful about clicking links you receive in Facebook messages (PMs).
If you use the Facebook Messenger app (not Facebook messages in a web browser), you have the option of enabling the Secret Conversations feature, which provides end-to-end encryption for your messages. You can also set these messages to disappear (be deleted) at the time you specify. When creating a message, look for Secret or a lock icon in the top right. Learn more about Secret Conversations.
I’m being threatened by someone who says they will post certain pictures of me on FB to embarrass me unless I give the a $300 Google Play card.
Can I speak to someone about this ASAP?