How to Change Facebook Security Settings

Securing your Facebook account is one of the most important things you can do to protect your personal information and your brand's presence online. This guide walks you through the essential settings you need to check and update today to lock down your account, prevent unauthorized access, and give you complete peace of mind.

Start with Facebook's Security Checkup

Facebook has a built-in tool that makes reviewing your account's security simple and a lot less overwhelming. It's called Security Checkup, and it guides you through the most important settings in one go. Think of it as your security quick-start guide, covering your password, login alerts, and two-factor authentication all in one place. It’s the perfect place to begin.

Here’s how to find and use it:

• Step 1: On your computer, click your profile picture in the top-right corner and select "Settings & Privacy," then click "Settings."
• Step 2: In the left-hand menu, click on "Accounts Center." This is Meta's new hub for managing settings across Facebook, Instagram, and other Meta accounts.
• Step 3: In the Accounts Center menu, select "Password and security."
• Step 4: You'll see an option called "Security Checkup." Click on it to start the guided review. Facebook will walk you through your password strength, where you're logged in, and your alert settings. Follow the prompts and make any recommended changes.

Running the Security Checkup is a great habit to get into every few months. It only takes a couple of minutes and ensures you haven't missed any new security features or old, forgotten device logins.

1. Create a Stronger, More Unique Password

Your password is your first line of defense, and using a simple or recycled one is like leaving your front door unlocked. A strong password makes it significantly harder for anyone to guess or brute-force their way into your account. If your current password is "familydog123" or something you've used on another website, it's time for an upgrade.

Characteristics of a Strong Password:

• Length is better than complexity: Aim for at least 12 characters. A long, simple phrase is often stronger than a short, complicated jumble of symbols.
• Mix it up: Include a combination of uppercase letters, lowercase letters, numbers, and symbols (like !, @, #, $).
• Make it unique: Never reuse a password from another site. If one site gets breached, criminals will try that same email and password combination everywhere else.
• Avoid personal info: Don't use your name, birthday, pet's name, or other easily guessable information.

How to Change Your Facebook Password:

1. Navigate back to the "Accounts Center" and click on "Password and security."
2. Click "Change password" and select the account you want to update.
3. Enter your current password, then type your new, strong password twice to confirm it.
4. Click "Change password" to save. You'll also get an option to log out of all other devices, which is a great idea after a password change to boot out any unauthorized users.

2. Turn On Two-Factor Authentication (2FA)

If you only make one security change today, make it this one. Two-factor authentication adds a second layer of security that requires you to provide a special login code in addition to your password. This means that even if someone steals your password, they still won't be able to get into your account without access to your second verification method.

How to Set Up 2FA on Facebook:

In the "Password and security" menu within the Accounts Center, find and click on "Two-factor authentication." Select your profile, and you'll be prompted to choose a security method:

• Authentication App (Recommended): This is the most secure method. Use an app like Google Authenticator, Duo Mobile, or a password manager that supports 2FA. The app generates a new code every 30-60 seconds that you'll enter when you log in.
• Text Message (SMS): Facebook will text you a code to your phone number. This is convenient but slightly less secure than an authenticator app, as phone numbers can sometimes be victim to "SIM-swapping" attacks. Still, it's far better than having no 2FA at all.
• Security Key: This is a physical hardware device (usually a small USB stick) that you plug into your computer to verify your identity. It's the strongest method available but is less common for everyday users.

Follow the on-screen instructions for your chosen method. Once it's set up, you'll also receive backup codes. Save these codes somewhere safe! If you ever lose access to your phone or authenticator app, these codes are your emergency key to get back into your account.

3. Review Where You're Logged In

Have you ever logged into your Facebook account on a friend's computer, a public library laptop, or an old phone you no longer use? Those sessions can remain active for a long time, creating a security vulnerability. Regularly checking your active sessions is a smart way to catch suspicious activity early and clean up old logins.

How to Check Active Login Sessions:

1. Go to the "Password and security" section in the Accounts Center.
2. Click the option that says "Where you're logged in."
3. Select your account to see a list of all devices currently logged into your Facebook profile.
4. Review this list carefully. It shows the device type, approximate location, and the date of the last activity. If you see anything you don't recognize - like a login from a different city or a device you don't own - it could be a red flag.
5. To log out of a specific device, click on it and select "Log out." If you want a fresh start, you can click "Select devices to log out" at the bottom of the list and choose to log out of all sessions at once. This is highly recommended if you see anything suspicious.

4. Set Up Login Alerts

This setting is your personal security guard. By enabling login alerts, you ask Facebook to notify you immediately whenever a login occurs from a device or browser it doesn’t recognize. This allows you to instantly know if someone else is trying to access your account so you can take action right away.

How to Turn On Login Alerts:

1. In the "Password and security" menu, find and click "Login alerts."
2. Select your account from the list.
3. You'll see options for different types of alerts. You can enable them for "In-app notifications" (alerts within the Facebook app itself) and for your email address. It’s smart to turn on both.
4. Now, if someone logs into your account from a new place, you’ll receive an alert that says something like, "Was this you? We noticed a new login from..." It will also give you an option to say "This was me" or "This wasn't me," which lets you immediately flag unauthorized access.

5. Clean Up Your App and Website Permissions

Over the years, you've likely used your Facebook account to log into countless other websites, games, and apps. Each of these connections grants the third-party service some level of access to your personal information. It's good security hygiene to periodically review which apps are connected to your account and remove any you no longer use or trust.

How to Manage App Permissions:

1. Head back to the Accounts Center and find "Your information and permissions."
2. Select "Apps and Websites." This will show you a list of all third-party services you've connected to Facebook.
3. Go through the list of active apps. If you see an app you haven’t used in years or something you don’t recognize, click on it and select "Remove."
4. When you remove an app, Facebook will ask if you also want to delete all posts, photos, and videos that the app posted on your behalf. This is a good way to clean up your timeline from old content.

Removing old app connections reduces the number of third parties that have access to your data, shrinking your digital footprint and making your account more secure overall.

Final Thoughts

Managing your Facebook security settings isn't a one-time task, but a regular habit that protects your personal data and online identity. By following these steps - strengthening your password, enabling 2FA, clearing old sessions, and using alerts - you make it much harder for anyone else to gain control of your account.

When you're constantly managing multiple brands or client accounts, this kind of security becomes even more essential. I've found that keeping accounts connected securely is just as important as scheduling content. That's why we built Postbase with stable connections at its core, so you don't have to worry about constantly re-authenticating accounts and can manage everything from one secure, reliable dashboard.