Facebook Security And Privacy Guide For 2020

Facebook is more than a website; it’s an ecosystem. It’s deeply connected to much of the Web, through social logins, apps, like buttons, comments, and more. Facebook knows more about you than almost any other entity on Earth, including governments. And Facebook has suffered several security and privacy breaches.

For all these reasons, you must take the time to set your security and privacy settings on Facebook. Let’s walk through them.

This guide shows the full, desktop version of the Facebook website. The steps can also be used on Facebook’s mobile website and Facebook apps. The links throughout the guide will take you directly to the pages referenced.

For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.

Note: This page contains affiliate links. As an Amazon Associate, I earn from qualifying purchases. Please see Affiliate Disclosure.

Improve Your Facebook Security And Privacy Using Its Settings

On Facebook, click the arrow symbol in the top right corner of the screen, then click Settings & Privacy, then Settings. You’ll see a menu on the left side of the screen with various categories of settings. We’ll go through them in order.

General

Click Memorialization Settings. Choose your legacy contact. Choose someone you trust to manage your account after you die. Set the rest of the settings in the Memorialization Settings section to match your preferences. I have Data Archive Permission and Annual Reminder enabled.

Security and Login

Under Where You’re Logged In, look through the entries. If you see any devices you no longer use, such as a friend’s computer you used to log into Facebook once, click the 3 dots and then Log Out. If you see any devices you don’t recognize, click the 3 dots and then Not You?

Click Change password. Set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). I recommend using a password manager, such as LastPass, to create and store your password.

If Use two-factor authentication isn’t already set to On, click Get Started. Click Authentication App when you’re asked to choose your security method. Follow the on-screen instructions. Under Add a Backup, next to Recovery Codes, click Setup. Follow the on-screen instructions. Save the recovery codes in your password manager (I use the Notes field in LastPass). Learn more in How & Why to Use Two-Factor Authentication.

Click Authorized Logins to view. Check the boxes for any browsers, software, or services that should no longer have access, then click Remove.

Click Get alerts about unrecognized logins. Choose where you want to receive notifications.

Click Choose 3 to 5 friends to contact if you get locked out. Choose 3-5 people you trust to help you if you get locked out of Facebook.

Your Facebook Information

Click Off-Facebook Activity.

On the right, under What You Can Do, click Manage Your Off-Facebook Activity.

If you want to clear your history for all the apps and websites shown, click Clear History.

If you want to clear your history for only particular apps and websites, click one, then click Turn off future activity from [name].

On the right, click Manage Future Activity. In the window, click Manage Future Activity.

Toggle Future Off-Facebook Activity to off.

Taking these steps may disconnect apps you have connected to Facebook. For example, it disconnected my Buffer account, which I use for posting to multiple social media accounts. However, I was able to simply go into Buffer and reconnect to Facebook. You should be able to do the same for any integrations you truly need.

Privacy

Under Your Activity, click through the options to make any changes you’d like.

Who can send you friend requests?: choose an option.

Who can see your friends list?: choose an option. I recommend Only me to prevent others from seeing your friends.

Who can look you up using the email address you provided?: choose an option. I recommend something other than Everyone.

Who can look you up using the phone number you provided?: choose an option. I recommend something other than Everyone.

Do you want search engines outside of Facebook to link to your profile?: I recommend unchecking this.

Timeline and Tagging Settings

Who can see what others post on your timeline?: choose an option. I suggest Friends.

Who can see posts you’re tagged in on your timeline?: choose an option. I suggest Friends.

When you’re tagged in a post, who do you want to add to the audience of the post if they can’t already see it?: choose an option. I suggest Friends.

Review posts you’re tagged in before the post appears on your timeline?: If you check Facebook regularly, it should be safe to choose Disabled. Otherwise, choose Enabled.

Review tags people add to your posts before the tags appear on Facebook?: If you check Facebook regularly, it should be safe to choose Disabled. Otherwise, choose Enabled.

Location

Location History only applies if you have the Facebook app installed on your mobile device. You can set your location settings in your app. I recommend disabling location services for Facebook.

Face Recognition

Do you want Facebook to be able to recognize you in photos and videos?: choose an option.

Apps and Websites

Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.

Click through the Expired tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.

Scroll down to Preferences, and adjust those sections as necessary.

Instant Games

Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.

Click through the Expired tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.

Business Integrations

Click through the Active tab, and adjust as necessary. Remove any you don’t need. Disable any sharing that isn’t necessary.

Ads (Your Ad Preferences)

Click Your information. On the About you tab, disable those you don’t want to be used by Facebook to target ads to you. I recommend disabling all. On the Your categories tab, adjust as you see fit.

Click Ad settings. I recommend setting Ads based on data from partners and Ads based on your activity on Facebook Company Products that you use elsewhere to Not allowed. I recommend setting Ads that include your social actions to No One.

Your Profile

Let’s leave Settings and look at other areas of Facebook.

Configure your profile to share the least amount of info necessary.

Intro

From your profile, find the Intro box on the left. Click Edit Details. The Edit Details box will appear. Toggle off any items you don’t want to show. Click the pencil icon to edit an item.

About

From your profile, click the About tab. You’ll see a menu of sections on the left. Click through each one and edit the info as necessary. Use the audience selector to choose who can see each item.

Pay special attention to the Contact and Basic Info section.

  • Mobile Phones: If you must show phone numbers, I strongly recommend you set the audience to Friends.
  • Address: I strongly recommend you leave the Address blank. If you must show a location, use only your city. Set the audience to Friends.
  • Email: If you must show email addresses, I strongly recommend you set the audience to Friends.
  • Birth Date, Birth Year: I strongly recommend you set the audience for all these fields to Only me. If you insist on showing your birthday, set the audience for the month and day to Friends but leave Birth Year as Only me. Learn why you shouldn’t share your birth date online.

Family and Relationships: I recommend leaving this section blank, or adding only your partner. Scammers and other bad actors can exploit your relationships.

Life Events: I strongly recommend that you limit what you share here. This info can be used to personally identify you.

Edit Privacy: Below the About box is the Friends box. In the top right corner of that box, click the ellipsis (…), then Edit Privacy. Here you can set the following:

  • Friends List: Who can see your friends list?
  • Following: Who can see the people, Pages, and lists you follow?
  • Followers: Who can see your followers on your timeline?

I recommend setting all to Only me, but you can set as you desire.

On your profile, in the tabs below your cover photo and name, you’ll see a line of buttons containing Timeline, About, etc. Click More, then Manage Sections. Uncheck sections that you want to hide from your profile. Some can’t be hidden. Hide/uncheck all the sections that you don’t want others to see, such as Groups, Likes, and Events.

View As Public

Facebook has a tool that lets you see what your profile looks like to the public (people you’re not friends with). I highly recommend using this to occasionally check your profile, to make sure you’re not revealing too much.

  1. Open your profile.
  2. Below your cover photo and name, click the eye icon.
  3. You’ll see your profile as the public see it. A banner at the top of the page will say, This is what your profile looks like to: Public.
  4. To return to using Facebook normally, click Exit View As in the banner.

For any visible items that you don’t want the public to see, edit the audience (see instructions elsewhere in this guide).

Facebook Privacy and Security: Using Facebook Safely

Every time you post something, use the audience selector to choose who can see the post. To change the audience, click whatever is next to Sharing to. Use the smallest audience necessary. Be extremely careful about anything that you make public, as that makes it visible to the world. The audience you select for a post will be the setting used the next time you post, so you must pay attention to it each time you post. You can change the audience on past posts (one at a time), if you want to limit who can see them.

Be very careful whom you friend on Facebook, because a friend instantly gets access to a lot of your personal info. Also, if a friend’s Facebook account is hacked, that hacker gets access to your personal info!

When you receive a friend request, it’s a good idea to verify the person’s identity (that they are the actual owner of the Facebook account, and that they sent you the friend request). You can do that by asking them in person, or through some other trusted channel that you’ve previously used to communicate with them (email, other social media, text/SMS, phone, etc.). Or you could ask a trusted mutual friend to confirm their identity.

If you use someone else’s device (computer, phone, tablet, etc.) to log into your Facebook account, be sure to log out when you’re finished! Otherwise, the other person can use Facebook as you after you leave.

If you participate in Facebook groups, pay attention to the group privacy levels. They are:

  • Private and hidden in search (formerly Secret)
  • Private and visible in search (formerly Closed)
  • Public and visible in search (formerly Public)

Each has different privacy settings. In a public group, anyone on Facebook can enter the group, see that you’re a member, and see your activity (posts, comments, likes, etc.).

Some websites let you log in with your Facebook account. Don’t use this option! If someone hacks your Facebook account, they gain access to all the accounts you’ve set up for Facebook login. Yes, it’s more work to create separate logins for each site, but remembering the logins doesn’t take any extra effort if you use a password manager (I like LastPass).

Be careful what you post. I’ve seen people post pictures of credit cards and plane tickets, and post that they’re on vacation far from home. Be wise about what you share with others. Learn more about the dangers of posting about travel.

Just as you need to be careful about clicking links in email and other messages, you must be careful about clicking links you receive in Facebook messages (PMs).

If you use the Facebook Messenger app (not Facebook messages in a web browser), you have the option of enabling the Secret Conversations feature, which provides end-to-end encryption for your messages. You can also set these messages to disappear (be deleted) at the time you specify. When creating a message, look for Secret or a lock icon in the top right. Learn more about Secret Conversations.
