Security & Privacy: Protecting Your Facebook Account

I've been receiving a lot of message requests from different Facebook users asking for help regarding account retrieval, security best practices, and privacy tips.

So, to make it easier for me to respond to those message requests, I have decided to create a blog about it. This way, it will save me keystrokes and time responding to each message.

Here are a few things I did to make my account secure and private. You can follow them to keep your own account secure and private:

Security

Login Credential

Link: https://www.facebook.com/settings?tab=account&section=email&view

Facebook allows you to sign up using either Email Address or Mobile Number.

I highly recommend using your email address rather than your mobile number when signing up for an account, and here are some reasons:

It is also better if you use a secret email address for your social media accounts. I recommend not using an email address that you usually share when you apply for a job or that people use to contact you.

Additionally, turn off the "Allow friends to include my email address in Download Your Information" setting. If it's enabled, your friends could see your email address when they download their Facebook information.

Password

Link: https://www.facebook.com/settings?tab=security

It's 2021 people, we should start learning from our mistakes so please do update your password. Here are some tips when creating and managing your passwords.

  • Do not use a password you already used in other applications. Use a unique one for your Facebook account and never share it with anyone.
  • Your password should be hard to guess, so follow these requirements:
    - Length > Complexity: use at least 12 characters for your password
    - Do not use any dictionary word as your password
    - Must not contain repetitive or sequential characters
    - Must have lower and upper case characters
    - Nice to have: numbers and special characters
  • Eliminate periodic resets.
    Read: https://www.sans.org/blog/time-for-password-expiration-to-die/
  • Store it in your preferred Password Manager.
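The checklist above written as a checker, as an added example that is not part of the original post. The small word list, the run length of three, and treating any password that contains a listed word as a failure are assumptions; the "nice to have" items are returned as suggestions rather than failures.

```python
import re

# Constructed mini word list standing in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "facebook", "welcome", "dragon", "monkey", "qwerty"}
MIN_LENGTH = 12   # the minimum length given in the checklist
RUN_LENGTH = 3    # assumption: 3+ repeated or sequential characters count as a run


def has_repeat(pw, n=RUN_LENGTH):
    """True if any character appears n or more times in a row (e.g. 'aaa')."""
    return re.search(r"(.)\1{%d,}" % (n - 1), pw) is not None


def has_sequence(pw, n=RUN_LENGTH):
    """True if n consecutive characters ascend or descend by one code point
    (e.g. 'abc', '321'). Case is folded, so 'aBc' also counts."""
    s = pw.lower()
    for i in range(len(s) - n + 1):
        steps = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + n - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw, words=SAMPLE_WORDS):
    """Return (failures, suggestions) for pw against the checklist."""
    failures, suggestions = [], []
    if len(pw) < MIN_LENGTH:
        failures.append("shorter than 12 characters")
    lowered = pw.lower()
    if any(w in lowered for w in words):
        failures.append("contains a dictionary word")
    if has_repeat(pw) or has_sequence(pw):
        failures.append("contains repetitive or sequential characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("needs both lower and upper case characters")
    # "Nice to have" items are advice only and never fail the password.
    if not any(c.isdigit() for c in pw):
        suggestions.append("add a number")
    if pw.isalnum():
        suggestions.append("add a special character")
    return failures, suggestions
```

For example, `check_password("Password1234")` passes the length and case rules but fails on the dictionary word and on the sequential run `1234`.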

Two-Factor Authentication

Link: https://www.facebook.com/security/2fac/settings

I highly recommend enabling Two-Factor Authentication (2FA) on your Facebook account. This security feature by Facebook helps you protect your account.

Facebook has 3 different 2FA methods:

  1. SMS-based 2FA
  2. Authenticator-Based 2FA
  3. Recovery Codes in case you lose your phone

It also offers a backup method using a security key. You need to buy a YubiKey for this one: https://www.yubico.com/

Authorized Logins

Link: https://www.facebook.com/settings?tab=security

Make sure that you only authorize your own devices to access your account.

If you don't recognize a device in the list, remove it now.

It is also better if you remove devices you authorized a while back or a few years ago.

Login Alerts

Link: https://www.facebook.com/settings?tab=security

Facebook has an alert feature that notifies you when someone tries logging in from a device that your account doesn't recognize. These alerts tell you which device tried logging in and where it's located.

Facebook will help you reset your password and secure your account when you click the "This Wasn't Me" button.

Trusted Contact

Link: https://www.facebook.com/settings?tab=security

Facebook has a feature that allows you to choose 3 out of 5 trusted contacts (current Facebook friends) in case you are ever locked out of your Facebook account. These trusted contacts will be able to send you a 'recovery code' to get back into your Facebook account.

Privacy

Who Can See What You Share

Profile Information

By default, it is recommended to keep all the information on your Facebook account set to "Only Me" or "Friends". Do not make it public.

This information can be set to "Only Me":
- Email
- Birthday
- Work
- Education

Friends and Following

It is highly recommended to change the visibility of your account's friends list and of the pages, people, and lists you follow to "Only Me".

If set to Public, users can use these to gather more information about you, your interests, and your connections.

Posts and Stories

On Facebook, you can decide who you want to see your posts and stories. I highly recommend using "Friends" as your default audience.

Just don't be too public.

How People Can Find You on Facebook

Friend requests

Your account, your control. You can choose who can send you friend requests. It's either "Everyone" or "Friends of friends". I recommend the second one.

Phone number and email

Users can look you up on Facebook using your mobile number and email address. But you can also prevent that by setting it to "Only Me".

Search engines

Facebook allows bots to cache pages on its website, including your Facebook profile. You can disable this to prevent search engines outside of Facebook from linking to your profile.

If it's enabled, search engines will display your Facebook profile when someone searches for your name.

Your Data Settings on Facebook

Apps and websites

Most Facebook users use their Facebook account to sign up and authenticate to various websites, e.g., Spotify, Canva, etc.

I suggest reviewing the apps and websites from other companies you've used Facebook to log into. If you are no longer using those apps and websites, remove them immediately.

Face recognition

Did you know that Facebook uses an awesome technology that detects your face in a photo or video?

Scary lol

When your friend uploads a photo or video showing your face and your face recognition is enabled, Facebook will suggest that your friend tag you in their post.

I highly suggest turning this feature off for privacy. Learn more here: https://www.facebook.com/help/218540514842030

What Other People See On Your Profile

Tagging and Reviewing

Your Facebook friends can see other users' posts that you're tagged in when they visit your Facebook profile.

A great example is a stolen picture of you that you don't really like. If you set the tagging to Public, your friends can see the stolen picture.

Luckily, Facebook allows you to review posts you're tagged in before they appear on your profile. I suggest enabling this feature so that your friends' tags in posts, photos, and videos appear on your profile only if you want to publish them there.


Bonus: Facebook Profile Lock Trick

Facebook has a feature called Profile Lock, and it is only available in some countries. Fortunately, we can bypass that restriction to lock our profile.

Here are the steps you need to follow:

  1. Go to https://iphone.facebook.com/ - It is the mobile browser version of the site
  2. Click the Menu Icon - It is located at the upper right corner of your screen
  3. Scroll down and click "Language"
  4. Find the "Burmese" language and click it - မြန်မာဘာသာ
  5. Visit https://iphone.facebook.com/settings/?entry_point=bookmark
  6. Find the Key Hole icon and click it
  7. Click the blue button to lock your profile
  8. Change the language back to your original/preferred language.

Learn more about this feature here: https://www.facebook.com/help/196419427651178