Securing Facebook

In the aftermath of the recent stories about how the personal information of 50 million Facebook users was acquired and misused by the Trump Presidential campaign, many people are wondering whether they should delete their Facebook account.  Others are just looking to see how they can more tightly secure their Facebook account from this sort of abuse.  Fortunately, securing Facebook is relatively easy.

  • Open your Facebook home page, and click on the down arrow at the right end of the toolbar.
  • Click on Settings from the drop-down menu, the 4th item up from the bottom.
  • Click on Security and Login from the left menu column
    • Set up Choose friends to help you… if you wish.
    • Check Where You’re Logged In.  Open See more.  If you do not recognize the locations where you logged in, it could mean your account is compromised.  You might want to change your password.
    • Change password.  Use a strong password of at least 12 characters.
    • Get alerts…  Just a good idea to set this up.
    • Use two-factor authentication.  Whether text message to your phone or phone app, 2FA is the way to go in the age of automated password cracking.
  • Next click on Privacy.  Check the settings and make sure you are limiting your information to the people you really want to share with.
  • Maybe you need to look at Blocking if there are Facebook friends and others that are becoming problematic.  You can add Friends to a restricted list, block users, block messages, block app invites, block apps, block event invites, and block pages here.
  • Now go to Apps.
    • Review all the apps that you are permitting to log on with Facebook.
      • First delete the apps you no longer use, and make sure to delete all your personal data along with it.
      • You can check the remaining apps to see what you have agreed to share.  Make changes as necessary.
    • Want to disable all apps from the ability to log on with Facebook?  Scroll down to the Apps, Websites, and Plugins panel.
      • Click on the Edit button in the panel.
      • The Turn platform off box opens.  Clicking on Disable Platform will turn of the ability to log on with Facebook from all apps and sites.
  • If you want to deactivate or delete your account you can do that from the General tab.
    • Click on Edit after the Deactivate Your Account section.
    • You can also Download a copy of your Facebook data at the same time.
  • Actually deleting your account is harder to do.  There are no obvious links from the settings menu.  If you want to totally delete your Facebook account, go to  Make sure you backed up your Facebook data in the last step.  This is not something you can undo, so be sure before you pull the trigger.
  • The Support Inbox is another area to be aware of.  If you are having problems with unauthorized access, hijacking, trolling, bullying, or other forms of abuse, you can open a report here.
  • At the Help Center, which is the question mark on the toolbar, the last item on the drop-down menu is Report a Problem.  This is another place to report abuse, as well as technical and user problems.

Facebook just released information about their  plans to revamp and centralize security and privacy settings on a single easy to use dashboard.  My opinion is that while that is a good step, the real issue lies with Facebook users who don’t know why or how to make these decisions.  So the issue is user education (again).  If you use Facebook, this is a task you should undertake for your own security and privacy.  If you got far enough into the article to read this, then maybe you are  on the right path.

More information:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.