How to Protect Facebook Account from Being Hacked

Why should you worry about protecting Facebook from hacking

Many tend to believe that the security of their social media presence isn’t the first thing worth the effort to work on. You don’t often see a question like ‘How Can I Protect Facebook Account From Being Hacked?’ unless the person making such a request got hacked recently and now seeks the protection based on the bitter experience.

What does a hacker get when they hack FB account of yours? Obviously, criminals get access to all your photos and messaging history, which opens ‘great’ social engineering opportunities. You might have heard stories where close friends ask to borrow some money in a message and, well, many people say ‘Sure, here you go!’ and get scammed. Criminals may also extract much more of other information from your private messages.

Who would like their messages to be read by a stranger at all? There may be some confidential info there. Secrets. Passwords. Nudes? What if all this becomes public? You can ask Jennifer Lawrence about what might happen.

Hackers can ultimately undermine your reputation and make your friends’ private information also vulnerable to publicizing and other manipulations.

But the main thing is that GDPR (General Data Protection Regulation) has now come into force and Facebook allows users to download all private data related to their personal accounts in one click. That means a hacker interloping your profile will be able to do the same.

This article will tell you how to protect Facebook account from being hacked and offer a whole list of Facebook security best practices. Let’s secure your account and keep your private info safe.

Useful to know: Top 10 Ways Hackers Use To Hack Facebook Accounts

Now let’s get acquainted with a list of Facebook profiles hacking options and find out how to protect Facebook account from being hacked:

MethodDescriptionWhat to do
Password phishingThe most popular and fruitful way to get your account data is the creation of full copies of real Facebook pages. Victims enter their emails and passwords to log into a fake page, becoming an easy prey for a scammer.
  • Try not to work with Facebook from unknown devices;
  • Use VPN while using public WiFi;
  • Don’t click the links in emails from the ‘Facebook team’ claiming your account is hacked and you must enter your verification data immediately;
  • Try to use Google Chrome for Facebook, this browser is able to recognize some phishing web pages.
Authentication data saved in the browserA browser usually offers you to save login and password to automate further authorizations when you enter your Facebook page. If you accidentally launch a hacker resource and allow saving the data, your security gets ultimately undermined.
  • Never use automatic authorization in your browser for any website including Facebook.
  • To find out which passwords you have already saved and secure yourself from chances of being hacked enter the following in Google Chrome: chrome://settings/passwords
  • Learn how to check saved passwords in Firefox here.
Email breachSometimes, it’s easier for scammers to break into your email than hack FB. If you don’t use a strong password to protect access to your email account and don’t activate two-factor authentication in your mailbox, hackers may brute force your password, access your email account and obtain data to gain access to your Facebook page as well as to many more important accounts.
Mobile device breachIf a network scammer gets into your phone, he/she immediately gets access to your FB page. They can do this remotely, with the help of such malware apps as Spy Phone Gold, Mobile Spy, etc.
  • Install an antivirus on your mobile device;
  • Avoid downloading and installing obscure applications.
Password masks viewEven if your password is masked in a browser with ‘*’, a hacker may view it by customizing browser security settings.
  • Don’t save your account authorization details on your Facebook page.
Unauthorized access through a USB with harmful softwareA hacker may infect your USB drive with a virus that eventually gets into your system and extracts a login and password to your Facebook page.
  • Connect only known USB drives
  • Scan USB drives with standard OS utilities
  • Don’t buy used flash drives
Social engineeringWhen you set a password consisting of ‘QWERTY’ followed by your birth date, rest assured that you only make your profile easily susceptible to being hacked.
  • Use specialized random password generation resources;
  • Never include private data in passwords – your name and date of birth, etc.
Wi-Fi breachHackers may also reconfigure the Wi-Fi router to gain access to everything transferred by the network equipment to web and back.
  • Avoid connecting to public WiFi without VPN;
  • Update passwords regularly.
Unattended profile on a physical deviceThis is the most convenient way to get a hold of your personal info and scam you. It may seem to be a pretty unlikely option to forget and leave your phone somewhere with FB open on it of to keep Facebook always open on your workplace, but this happens to people all the time.
  • Don’t leave your FB profile unsupervised, once you’ve done browsing the media, use Exit to quit Facebook.

| Read also: Email hacking protection

1. Use Passwords Wisely

Now for some tips on how to protect Facebook account by properly creating and using a strong password for Facebook.

Use strong hard to guess passwords

Want to know how to protect yourself on Facebook? Take a good care of your password – make it long and difficult.

It doesn’t matter where you register – always try to come up with reliable passwords. Here are some tips:

  • don’t use your personal info – date of birth, name, your relatives’ names, their birth dates, etc.;
  • don’t use simple words found in any dictionary;
  • don’t make passwords that consist of less than 8 symbols;
  • try including at least one special symbol in your password like an exclamation mark and use a few uppercase letters.

| Read also: How to Choose and Use Strong Passwords

Change passwords every 6 months or more often

If you update your passwords at least once half a year, you’ll decrease your chances of being hacked on Facebook significantly (the same goes for email, of course). Use a special password manager to keep all passwords safe – LastPass or Dashlane will do.

Don’t save passwords on public devices

As we’ve already mentioned, try to not leave any of your account data on ‘third-party’ devices that can be accessed by strangers. For instance, your office PC might not be the best place to set up an auto filling browser feature for immediately entering social networking login and password.

| Read also: The Worst Passwords of 2015

2. Use Two-factor authentication

Two-factor authentication (2FA) is one of the highly-reliable means of user login protection that offers an additional identity check stage on top of the standard login-password combination verification. After entering your standard login and password you also have to enter the one-time password (OTP) valid only for a minute. Usually, you get this one-time password via SMS or a call on your phone number, or use an app or special device – hardware OTP token – to generate OTP password. Thus, you confirm that you not only know the login and password but also own the phone or hardware OTP token.

In Facebook you can add a phone number to secure account with two-factor authentication, connect a 2-factor authentication app or order and connect a hardware OTP token instead of an app, which is the most secure practice.

Text Messages

Text Messages is the easiest way to get one-time passwords. You need only to add your phone number to Facebook. But it’s the least safe 2-factor authentication method because of the risk of SIM card replacement, cellular network vulnerabilities, and mobile viruses that make use of open access to SMS messages on smartphones to intercept one-time passwords.

Recently Reddit was hacked because their employees used SMS authentication. Read more about the Reddit hack and why SMS authentication is weak in our article “Reddit was hacked: how it happened, who the victims were, and why SMS authentication failed”.

In-app authentication

Many users tend to prefer third-party apps to generate Facebook security codes – Google Authenticator, Duo, Protectimus Smart. Such solutions provide a higher level of security as opposed to SMS verifications.

Nevertheless, this still may not be the ultimate way to gain a good protection online. The thing is, any applications can be infected with harmful software. Moreover, if you delete an authenticator app from your device, all the tokens it generated previously will also be deleted and you will lose access to the respective resources. That’s exactly why modern online security experts strongly recommend using hardware tokens, which we will discuss below.

If you use Google Authenticator or any other 2FA app, read how to make sure that you won’t lose all your tokens if something happens with your phone in our article “How to Backup Google Authenticator or Transfer It to a New Phone”.

Hardware OTP token

The most reliable means for two-factor authentication are hardware OTP tokens like Protectimus Slim NFC and Yubikey.

Protectimus Slim NFC is configured via NFC on any Android-based device with NFC support. You’ll need it one time just to configure the token. Then it works autonomously and can’t be infected with any virus as well as nobody can intercept the OTP password which is not transferred anywhere.

Yubikey implies connecting tokens through a USB port which might be highly inaccessible to mobile users and leaves a slight possibility to reach the device for some viruses or hackers.

| Read also: The Pros and Cons of Different Two-Factor Authentication Types and Methods

3. Be Careful with Other Devices

Want to find out how to avoid being hacked on Facebook when you have to access your profile through a stranger’s device?

Log out of other devices and don’t use a ‘Keep me logged in’ option

Always remember to exit your Facebook account, email, and any other online user profiles once you’ve done browsing them on a side device. This is the #1 online security rule for publicly accessed devices. If you access FB through your personal device, quitting pages is also recommended.

Check Active Sessions

The built-in Facebook protection looks after users’ privacy on a pretty decent level. If you open Account settings->Security in your profile, you’ll see the list of all devices, through which your page has been accessed. Active sessions are highlighted there. If you discover new, unfamiliar devices or unusual locations there, select ‘End Activity’ to immediately deauthorize any suspicious activity. If you come across such a situation, your account has probably already been hacked.

How to Protect Facebook Account from Being Hacked current sessions

Enable Account Login Notifications

One of the very useful Facebook security options is enabling notifications upon entering your Facebook user profile. You get notifications to your email and a message to your Facebook indicating the device and location of authorization.

4. Care about privacy

Personal data disclosed in social networks can be used against you in various ways – for social engineering, password identification, opinion manipulation, etc. Even regular thieves can use it in their interests, to find out, for instance, at what time you won’t be at home (you undermine your home safety with each social networking post featuring a photo from the airport attached).

In particular, use the Privacy tab in your FB account to configure the following privacy settings on the Facebook page:

  • Who can see my stuff? – define a scope of users who are able to see content on your page – your photos, posts, etc.
  • Who can contact me? – specify who is allowed and who isn’t allowed to invite you to their friend list and send you messages.
  • Who can look me up? – facebook account security settings also allow to let certain people search your profile (e.g. by a telephone number, email address or through external resources).

| Read also: How to Protect Your Privacy on Facebook

5. Be a Smart Internet User

What does it mean to be an advanced Internet user? Use Secure Browsing, watch out for spam links to avoid phishing, remember about social engineering attacks threat, be careful with public Wi-Fi hotspots, and keep your system environment updated & secured.

All these rules help to protect your data on Facebook and any other online account and ultimately answer the question How to secure Facebook account from hackers?’. Let’s discuss each rule in more detail.

Use Secure Browsing

The special Secure Browsing feature allows using the secure HTTPS protocol to connect to web resources (instead of HTTP, used only on outdated or malicious websites since the beginning of 2018). Additionally, it helps to filter out resources that offer automatic registration via FB – you can view the list of those that were approved to fully support this feature.

To enable it, open Account settings->Security->Security Settings in your FB profile. You will see the Secure Browsing feature there (just click Edit and select required security parameters).

For an even higher level of security efforts, you can also use the Private Browsing feature, which allows leaving resources you’ve visited during your Facebook session unregistered (i.e. provides anonymous browsing).

We also strongly recommend checking your web browser for spyware regularly. Just look if there are any suspicious extensions or outdated plugins installed and get rid of them.

Watch out for spam links to avoid phishing

Any links and input fields might potentially be phishing means. This means that any data you provide there will be stolen by web scammers and used against you in the future.

To minimize risks of becoming a phishing victim, remember to:

  • never share your email address with strangers;
  • never open Facebook by shortened or masked links (better enter manually, bookmark the right URL, or open it through search where you can at least see the address of a resource);
  • never use outdated versions of browsers;
  • never follow any links from so-called ‘friends’ or a ‘Facebook user support’ if you aren’t confident in the integrity of the source.

Remember about Social Engineering Attacks threat

Any scammer well familiar with the human psychology will make a convincing attempt to acquire your personal data without any virus software or special hacks. Ignore letters marked as ‘spam’ in your email inbox. Keep in mind also that there are no Facebook policies concerning sending letters with recommendations to change the user password.

Be careful with public WiFi Hotspots

Public WiFi is among the favorite pieces of cake for many hackers. Unfortunately, such networks don’t have a sufficient level of security. Connecting to a public WiFi, make sure to use VPN.

Keep your system environment updated & secured

Make sure to use the latest version of OS as well as a tried and tested updated antivirus. This doesn’t mean however that you should install the latest OS versions immediately upon their release. It’s better to wait until it’s tried out in the field by other users (2-4 weeks). You can read reviews then to make sure it can be sufficiently used.

| Read also: Windows Computer Safety Tips

What to do When Your Facebook Account Is Already Hacked

If one day you realize: ‘someone keeps hacking my facebook’, you can do the following to save the situation.

    1. Change or Reset Your Password. For starters, check – has facebook changed privacy settings without your involvement all of a sudden? That can be a scammer and if they haven’t done that yet, be the first to do that instead. Don’t forget to try and come up with a strong password.How to Protect Facebook Account from Being Hacked change passwordIn case if your passwords have already been customized by a criminal, use the Facebook default password restoring feature (it will be restoring your password through your email, that’s why it is recommended to use multiple emails to register in a social network; 2FA can help you keep all your email addresses secure).
    2. Report Compromised Account. If you conclude that your profile is really hacked, notify the Facebook team about that. They usually help out users in such situations.

How to Protect Facebook Account from Being Hacked report compromised account

  1. Remove Suspicious Applications. In Settings->Apps, there is a full list of all your installed applications. Delete everything that seems to have a suspicious, indistinct name and make sure that all apps are correctly configured to request your personal data to a healthy extent.
  2. Do Damage Control. Last but not least, tell your Facebook friends that your profile has been hacked by cybercriminals – that way you might as well save them from potential hacks or scams.

Final Word

That was our take on the research on ‘How to protect my Facebook account from hackers?’. As you can see, it is possible to make your FB page a safe, protected place if you follow the above-mentioned Facebook security tips. If you have any questions on the subject, feel free to share your mind in the comments.

Read more


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Author: Anna

If you have any questions about two-factor authentication and Protectimus products, ask Anna, and you will get an expert answer. She knows everything about one-time passwords, OTP tokens, 2FA applications, OATH algorithms, how two-factor authentication works, and what it protects against. Anna will explain the difference between TOTP, HOTP, and OCRA, help you choose a token for Azure MFA, and tell you how to set up two-factor authentication for Windows or Active Directory. Over the years with Protectimus, Anna has become an expert in cybersecurity and knows all about the Protectimus 2FA solution, so she will advise on any issue. Please, ask your questions in the comments.

Share This Post On


  1. We ignore the fact that many of us use weak passwords like 12345 and then moan around after being hacked. Why not learn which are the worst passwords and what you need to do to make it impossible to be guessed by hackers. You will find tools of generating strong passwords and you can read blog on PureVPN who complied the list of worst passwords of 2018.

    Post a Reply
  2. Facebook being widely used, have millions of users, so the risk of getting it hacked is surely high. Thanks for sharing this hack.

    Post a Reply
  3. Can you help me to find out who hacked and deleted my account?

    Post a Reply
  4. It s important to proactively secure your social media accounts, especially since you never know when an innocuous mistake could put you at risk. But it isn t just a theoretical threat. Pranksters, vandals, and malicious attackers all look for ways to get into any legitimate account they can. So while you don t need to hide in a hole, there are some worthwhile (and easy!) steps you can take to keep your accounts from being hijacked.

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from Protectimus blog.

You have successfully subscribed!

Share This